The report (Interoperable EU Risk Management Framework) published today is primarily designed to assess the existing risk management frameworks and methodologies in order to identify those with the most prominent interoperable features.
What is security risk management?
Information security risk management consists of the coordinated activities an organisation undertakes to control information security risks. These activities are part of a process that allows the organisation to:
- establish the external and internal context;
- assess the risks and decide whether to address the risks;
- draw up a plan to implement the decisions made on how to manage the risks.
In order to reduce the risks to an acceptable level, the process includes an analysis of the likelihood of potential security breaches before a decision is made on which solutions to implement.