8. 4 Phases
(1) Risk Identification
Identify all potential risks
Examples
• Hard disk failure
• Malware
• Spyware
• Other hardware failure
• Theft
• Loss of internet connectivity
[Diagram: the four phases: Identification, Assessment, Mitigation, Monitoring]
10. 4 Phases
(3) Risk Mitigation
4 risk mitigation strategies
Define per risk strategy measures to reduce risk
Risk Mitigation Strategies (table columns: Avoid risk by, Reduce risk by, Transfer risk by, Accept risk?, Remaining risk level)
Identified and assessed risks, with the entry shown for each:
• Hard disk failure: Backup
• Malware: Malware software
• Theft: Insurance
• Spyware: Spyware
• Other hardware failure: accept
• Loss of internet connectivity: accept
11. 4 Phases
(4) Risk Monitoring
A risk can never be completely eliminated. It can only be managed.
Identified and assessed risks, with Risk Mitigation and Risk Monitoring activity:
• Hard disk failure. Mitigation: Backup. Monitoring: check correctness and completeness of backup; regular restore
• Malware. Mitigation: Malware software
• Theft. Mitigation: Insurance. Monitoring: check validity of insurance
• Spyware. Mitigation: Spyware. Monitoring: check regular anti-spyware updates and check correct and complete execution
• Other hardware failure
• Loss of internet connectivity
12. Risk Management tips
• Build multidisciplinary teams to identify, assess, mitigate and monitor
risks from different perspectives
• Use brainstorming techniques to identify risks and to mitigate risks
• Define risk mitigation measures based on the four strategies (avoid,
reduce, transfer, accept) starting from the highest risks
• Weave risk management activities into the daily project and service
management practices and tooling