Information Technology Security. Advice from Experts

Some key concepts embodied within the risk management process model are worth noting:

• Risk is seldom eliminated; it is merely mitigated or controlled. As such, the risk management model is an endless loop. A risk, once mitigated, should be periodically reviewed, and controls should be tested for compliance at regular intervals.

• The essential process steps, risk assessment and risk mitigation, successively gather information that support the key steps in the overall process.