I’m working on a Science exercise and need support.
One of the ways to view the concept of risk management is by looking at it as a process. It is a process that entails identifying, analyzing as well as responding to risk factors. Essentially, proper risk management does imply the control of possible future events as well as it should be proactive rather than reactive (Bobylev, n.d.). I can go further and talk about risk management systems, which are designed to do more than just identify the risk. The system must also be able to quantify the risk and predict the impact of the risk on critical infrastructure. Managing risk should therefore be viewed as a continuous process. What is the relationship between countermeasures or mitigations and risk management? To answer I think that in the evolution of our risk management strategy, we should develop context-specific relationships between risk and countermeasure, as different security measures will come into play in different situations. This is where I think the aspect usually comes in. Because of the numerous numbers of critical infrastructures, which vary by nature of definition and operation, there is a chance that some might be neglected. Neglect can be as a result of human tendency to focus on the critical infrastructures that are perceived to more important than others. This is wrong because all critical infrastructures should be viewed as an interdependent network that is designed to support each both directly and indirectly. This is brings in the issue of availability of resources to the relevant agencies that are tasked with effective risk management. For developed countries, the issue of resources is not seen as a problem but for developing and underdeveloped countries, it is a major factor. Take for example, a country in Africa where its source of water for drinking by the people needs a risk management plan that takes into consideration past, present and the ever changing nature of different threats such as terrorism. A lot of resources is required to establish and sustain such a risk management plan. The purpose of a risk analysis is to identify assets, threats to those assets, the potential loss to an organization due to threats, and finally, how to respond to that potential loss (Thomas & Norman, 2009).
Bobylev, N. (n.d.). Sustainability and Vulnerability Analysis Of Critical Underground Infrastructure. Managing Critical Infrastructure Risks, 445-469. doi:10.1007/978-1-4020-6385-5_26
Thomas, L. & Norman, C. (2009). Risk Analysis and Security Countermeasure Selection. CRC Press.