Risk Management
Risk management is activity directed towards assessing, mitigating (to an acceptable level) and monitoring risks. In some cases
the acceptable risk may be near zero. Risks can come from accidents, natural causes and disasters, as well as deliberate attacks from
an adversary.
In businesses, risk management entails organized activity to manage uncertainty and threats and involves people following procedures
and using tools in order to ensure conformance with risk-management policies.
For the most part, risk management methodologies consist of the following elements:
- Identify assets and identify which are most critical
- Determine the risk (i.e. the expected consequences of specific types of attacks on specific assets)
- Identify, characterize, and assess threats
- Assess the vulnerability of critical assets to specific threats
- Identify ways to reduce those risks
- Prioritize risk reduction measures based on a strategy
