In this video, you will:
- Acknowledge the evaluation of probability and impact of risks as part of the risk assessment process
- Learn how to assess the probability and impact of each identified threat by using the risk matrix
- Learn about the different risk treatment options which may exist and how to use them
- Understand the guiding principles behind the decision-making in risk treatment
Main takeaways:
- As the final step of the risk assessment process, it is important to think about which of the unwanted events are most likely to happen and which would have the most severe consequences. This process is called an analysis of the probability and impact of each threat. An unwanted event (threat), evaluated in light of its probability and impact, is actually a risk.
- To assess the probability and impact of the threat, it is highly recommended to create a ranked list of risks and use the risk matrix. For more information on the risk matrix, see the additional materials.
- When assessing the probability of a threat, past experiences of the organizations or individuals in the field need to be considered. For example, if a certain unwanted event happened very recently, you may consider the probability as high.
- When assessing the impact of a threat, both the duration and intensity of the consequences need to be considered. For example, if a certain unwanted event causes only discomfort, the impact might be considered low, but if it prevents the organization from continuing to operate in the field, the impact may be considered high.
- After the risk assessment, you enter the second stage of the risk management process, called risk treatment. In this stage, you focus on the decisions or actions that can be taken on each risk.
- This course presents the four most common risk response strategies:
  - Avoid the risk completely by not doing the activity that would cause it.
  - Mitigate or Reduce the risk by developing and implementing security measures that reduce the magnitude of the risk to an acceptable level.
  - Share or Transfer the risk by partially or fully sharing it with someone else, who might already have appropriate security measures in place.
  - Accept the risk by acknowledging it and deciding to “do nothing” about it.
- When deciding how to treat different risks and which strategy to use, it is good to: know your context, understand your resources, own the process, evaluate your progress, and seek support if needed.
Exercise
Tailor the risk management process to your context
Please take a moment to reflect, and use your own organization (or your personal situation) as an example to complete Step 1 (Identify and Prioritize the Main Risks) of the risk management process.
This exercise will help you clearly identify the most critical risks and challenges you may face, prioritize them based on their potential impact, and explore possible solutions to address them.
Please note that this exercise is for your personal practice and self-assessment only, and your responses will not be evaluated as part of the course.
Before moving on to the quiz, we recommend that you review the main takeaways of this module and check the additional resources provided under the “Materials” tab above.