Managing Risks

• Two main processes:

  • Risk Assessment
    • To what are we vulnerable ?
    • What are the stakes & requirements of our system ?
    • How can our continuity be endangered ?
    • Compare all risks to security requirements
  • Risk Treatment
    • Find cost-effective ways to limit all risks of which occurrence is likely / possible
  • There are always risks we cannot disable completely:
    • RESIDUAL RISKS