Closing Summary of Risk Management

all right, so that brings our chapter on risk to a close. Remember, the first step in any decision you have to make is risk management. Start by identifying your assets

that's under risk assessment. Identify your assets. Look at the threats and vulnerabilities. Try to find a value associate ID with those risks, the potential for loss both qualitative. But then knowing that we need quantitative as well. And quantitative is really where we make our business decisions. Having that analysis complete.

Now we can determine the mitigation strategy

and we decide how we're gonna respond to risks. Reduce except transfer remembers part of due diligence. I have to I have to stay knowledgeable. We know that risk monitoring is not a one time thing. Once and done, you're always considering risks in your environment.

Every decision we make is gonna bring risks into the picture.

So I stay knowledgeable by looking at Resource is that I have available, whether it's through news feeds or Web logs or, uh, new sights, whatever that may be. Don't forget that even though a mitigation strategy might be to transfer risk, outsource,

you're not eliminating risks,

so make sure your security contracts are well written. The, uh, expectations are clearly defined. And don't forget including the right to audit as part of your contracts to make sure that you can keep your vendors honest.