Risk Management Process (RMP)
The objective of the Risk Management Process (RMP) is to provide a process to accurately and effectively evaluate the risk associated with information assets within an organization. Risk management is the process of assessing risk, taking steps to reduce risk to an acceptable level, and maintaining that level of risk. A further objective is to have managers analyze risks for many aspects of their business, consider alternatives, and implement plans to maximize returns on their investments. The RMP described in this document is a risk management process for information systems that empowers managers and their organizations to build in-depth knowledge of their systems and how they are interrelated. Five principles should be adopted to ensure an effective risk management program:
- Assess risk and determine needs
- Establish a central management focus
- Implement appropriate policies and related controls
- Promote awareness
- Monitor and evaluate policy and control effectiveness
For an organization to successfully address risks, buy-in from all levels of management is needed. The RMP is intended to give the executive staff clear justification for spending on critical information assets, and to give senior management clear communication on how well their organization is performing with regard to policy, procedures and guidelines.