Okay, So in looking with risk management, we've talked about risk assessment, which basically, we're gonna identify, evaluate our assets and we're gonna think about threats and vulnerabilities. Then we move into risk analysis where we want to get a value. We're looking to figure out what is the potential for loss.
No said. There's qualitative risk analysis
that's more subjective in nature. We're going to use words like very likely unlikely or high probability, medium probability, very subjective and quantitative analysis, which is more objective. It's more fact based numeric or empirical data
eso looking for value
with analysis. And then we look to mitigate a risks we look to reduce, which is less than the probability and or impact we look to trans. First, that we can share in the potential for loss. Or sometimes when the cost of the counter measures just too expensive, we accept the risk.
So those were the main elements of a risk, and just the last slide in this chapter,
keeping in mind that risks never go away. You know, we really don't eliminate risks usually are big thing that we do is we reduce risks to a level that's acceptable by senior management, right? We've talked about that idea again and again. Well, ultimately, once we get that risk, too,
the specific level that senior management wants
now we've got to keep tracking, making sure that it stays at that level. We constantly have new threats emerging every single day, something new. There's some new way to do the same old stuff, whether it's fraud or theft or or whatever that may be.
So we have to stay very knowledgeable of emerging trends,
of emerging threat, new vulnerabilities that are popping up in the software that were using. And we constantly have to make sure that we're operating within the confines off. What management feels like is an acceptable level of risk. That's our jobs, information, security officers. So we've
done all of those elements to manage with risk.
Now we're gonna continue to monitor to make sure we stay in the right place.