Task 3 -- Risk Control and Treatments Flashcards
What are several ways that security and protection professionals can manage risk as requested by asset owners?
ELIMINATE, REDUCE, TRANSFER, ACCEPT (ERTA)
ELIMINATE
Some risk can be eliminated entirely. For example, a store may choose not to stock a commonly stolen product, thus eliminating the risk that the item will be stolen. Likewise, the risk of being eaten by a shark can be eliminated by never swimming in an open body of water. Eliminating a risk is not always practical or possible. For example, the only way a business can eliminate the risk of an active shooter is by never opening in the first place, which would render the business obsolete.
REDUCE
Reducing risk is a common action associated with security. Risk can be reduced through a variety of strategies designed to mitigate the effects of an attack and/or the resulting loss. For example, keeping cash in multiple registers, moving excess cash to a time lock safe, adding security technology, and increasing staff are all ways of reducing risk. In fact, most of the functions associated with security are aimed at reducing risk.
TRANSFER
The transfer of risk is typically achieved through insurance and implies that another entity is taking on the risk on the organization’s behalf.
ACCEPT
Risk is a normal part of everyday life, and some risk is simply accepted as a part of day-to-day operations. Every time you get in a car, you accept the risk you could be in a car crash. Business owners accept the risk that someone will steal some of their products or an employee will be injured on the job. Accepting risk can be a proper strategy if the costs of reducing, eliminating, or transferring the risk outweigh the potential losses associated with it.
For organizations to cost-effectively manage risk they should develop balanced strategies to adaptively, proactively and reactively address minimization of both the likelihood and consequences of undesirable and/or disruptive events.
Furthermore, the selection of risk treatment controls should be integrated with the overall risk management program and with its priority stakeholders.
What three elements should an overall risk management program have?
Such a program should have at least three elements:
1. Protecting the organization and its value chain.
2. Responding to events.
3. Continuing operations while recovering from events.
Plans should also involve determining ways to measure risks as well as testing the effectiveness of the plan itself and its ability to limit risks.
Insurance coverage on an asset is considered the most common form of what type of risk management?
RISK TRANSFER
ABC Inc. decided to reduce the risk of theft by spreading valuable assets to various locations, while applying target hardening strategies and countermeasures. However, a risk of theft remains. This is referred to as which of the following?
Residual risk