How to create a risk management plan?

Principles of Risk Management Plan

There are certain principles of the risk management process that should be considered while drafting a risk management plan:
1. The process should create value: the resources spent on mitigating a risk should cost less than the consequences of inaction, i.e., the gain should be greater than the pain.
2. The process should be an integral part of organizational processes.
3. The process should be part of decision making.
4. The process should explicitly address assumptions as well as uncertainties.
5. The process should be structured and work systematically.
6. The process should be based on the best available information.
7. The process should be tailorable.
8. The process should take human factors into account.
9. The process should be transparent and inclusive.
10. Any change encountered should be treated dynamically, iteratively and responsively.
11. The process should support continual enhancement and improvement.
12. The process should be assessed continuously as well as periodically.

How to create a risk management plan?

Now, coming to the creation of a risk management plan: appropriate countermeasures and controls should be chosen to treat each risk.
1. The risk mitigation involved in risk management needs to be approved at an appropriate level.
2. For example, certain risks concern the image or reputation of the organization, and therefore the decision on them rests with top management.
3. On the other hand, the authority to decide on computer virus risks lies with IT.
4. The risk management plan should propose applicable and effective security controls for managing the risks.
5. For example, in many cases a high risk is observed concerning computer viruses.
6. In such cases, the risk can be mitigated by acquiring and implementing anti-virus software.
7. A good risk management plan contains a schedule assigning responsible persons for taking action and implementing controls.
8. As per the ISO/IEC 27001 standard, once the risk assessment phase is complete, the next step is to draw up a risk treatment plan.
9. This risk treatment plan consists of the decisions stating how each identified risk is to be managed or handled.
10. Here, by risk mitigation in risk management we mean the selection of security controls.
11. Such security controls need to be documented in a Statement of Applicability.
12. The purpose of the Statement of Applicability is to identify the controls and particular control objectives that have been selected from the standard, and to state the reasons for that selection.
13. The next step is the implementation of the risk management plan.
14. All the methods planned for mitigating the effect of the risks are implemented in this phase.
15. The other tasks carried out here are:
– Insurance policies are purchased for risks that are to be transferred to an insurer.
– Risks that can be avoided without sacrificing the entity's goals are avoided.
– The remaining risks are reduced or retained, as the case may be.
16. Now the plan needs to be reviewed and evaluated.
17. At the initial stage of risk management the plan is not perfect.
18. It is refined in this stage. Three things initiate changes in the plan:
– Practice
– Experience
– Actual loss results
19. These three things also contribute valuable information, so that different decisions can be considered when dealing with the risks being faced.
20. Two things need to be updated periodically:
– The risk analysis results, and
– The risk management plan
21. Periodic updating of these two is required to evaluate the efficiency and applicability of the previously selected security controls.
22. It also allows possible changes in the risk level within the business environment to be evaluated appropriately.