Risk management in network security is the process of identifying, assessing, prioritizing and mitigating risks to network infrastructure, data and services from threats and vulnerabilities.
While it is impossible to eliminate risk, it is possible to manage risk to an acceptable level. This process starts with an organization defining three (3) crucial components of risk management:
To “manage an organization’s risk, ” that organization needs to adhere to its stated risk tolerance, where the organization has four (4) options to address identified risks:
