We have spent considerable time analyzing threats, vulnerability, and risk. Security Risk Management (SRM), however, is not just an academic exercise designed to produce an elegant analysis. The ultimate aim of SRM is to help clarify the risks faced in the field so something can be done about them, enabling important work to go on safely. This requires deciding whether your work/Project can continue in light of identified dangers and then implementing appropriate measures to reduce risk to a tolerable level. In this chapter you will learn about: Criticality Assessment – deciding when programs or activities are simply too risky to undertake for the resulting benefits. Two basic types of risk reduction measures:
The “Risk Reduction Toolkit” or set of activities and means for reducing risk in the field. This toolkit of options includes: