risk management
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Senses
Sense 1
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
References
- NICCS (CISA) Cybersecurity Vocabulary, Jan 06, 2026. NICCS glossary export (CSV): https://niccs.cisa.gov/rest/vocab/export-csv
  NICCS is a CISA (DHS) program. Individual glossary entries include a "From" attribution (e.g., CNSSI 4009, NIST SPs, NICE Framework). Treat "From" values as upstream provenance and verify before quoting large portions of text.
  Source: NICCS (CISA) Cybersecurity Vocabulary (niccs.cisa.gov).