
Risk Management

Risk management is formally defined as “The total process to identify, control, and manage the impact of uncertain harmful events, commensurate with the value of the protected assets.” The aim of risk management is “to strike an economic balance between the costs associated with the risks and the costs of protective measures to lessen those risks.”[1] Hence, risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level.

It is important that departments and their IT users understand what risks exist in their IT environment and how those risks can be reduced or, where possible, eliminated. Managing risk in this way is both prudent practice and, in many cases, a legal necessity.

Last updated: 1/23/2020

Information Security • PO Box 8136 Statesboro, GA 30460 • (912) 478-1592 • security@georgiasouthern.edu