Identify the concept of cybersecurity risk management.

Identification should include

  • defining risk management as the process of identifying possible vulnerabilities and quantifying potential risk as it pertains to systems
  • addressing risk-management strategies, including, but not limited to,
    • risk mitigation―reducing the likelihood of the risk
    • risk transfer―transferring the risk to another company, such as an insurance firm
    • risk avoidance―avoiding the possibility of the risk (e.g., avoiding any known risks of a specific software program by choosing not to use it)
    • risk acceptance―understanding and accepting the risks associated with use of a system or feature

Process/Skill Questions:

  • What mechanisms are in place to manage cyber risk?
  • How are cyber issues incorporated into risk assessment?
  • How does an organization create a cyber marketing security plan?
  • How can an individual manage risk?