This paper discusses the objectives of risk management and the methodology of risk analysis for businesses/organizations, with attention to the "mapping" of risks.
The objectives of risk management are to obtain the data necessary to predict the probability of various events occurring that can damage the organization in various ways and degrees. Based on this knowledge, the organization must engage in the development of a cost-efficiency analysis that may produce a security system that will fall short of total security (too costly) but will significantly reduce the probability that the most likely security threats will succeed in damaging the organization. This paper proposes a risk-analysis methodology similar to the SARA methodology used predominantly in modern community policing. This involves "scanning," which consists of identifying security threats and consequences; "analysis," which assesses the security risks identified; "response," which involves designing, implementing, and integrating security strategies; and "assessment," which measures and monitors the effectiveness of the response. Risk maps constitute the graphic presentation of all risks, which allows the visualization of various security threats and their connections. 3 figures and 18 references