All organisations face a certain level of risk associated with various threats. These threats may be the result of natural events, accidents, or intentional acts to cause harm. Regardless of the nature of the threat, organisations have a responsibility to limit or manage risks from these threats to the extent possible. Organisations, should develop and implement security risk management methodologies which adhere to the International Standards (ISO) and Industry best practice while also supporting the security needs of the organization.
“Risk is a function of the values of threat, consequence, and vulnerability. The objective of risk management is to create a level of protection that mitigates vulnerabilities to threats and the potential consequences, thereby reducing risk to an acceptable level.”