Risk Management
How to calculate risk before it calculates you.
## Risk isn't a feeling. It's Math.
You can't secure everything. You have limited money and limited time. **Risk Management** is deciding what to save first.
### The Formula
`Risk = Likelihood x Impact`
### The 4 Ways to Handle Risk
1. **Avoid**: Don't do the risky thing. (e.g., Don't store credit card numbers).
2. **Mitigate**: secure the thing. (e.g., Encrypt the credit card numbers).
3. **Transfer**: Make it someone else's problem. (e.g., Cyber Insurance).
4. **Accept**: "If it breaks, it breaks." (e.g., A low-priority dev server).
### The Process
Identify -> Analyze -> Evaluate -> Treat -> Monitor. Rinse and repeat.
Back to Resources