This website uses cookies

Read our Privacy policy and Terms of use for more information.

What is a RISK?

To make sure we’re all aligned on the topic of risk management, let’s start with a brief description of risk. Most people think only of threats or vulnerabilities when they think of risk. But there is one more CRITICAL piece to consider in order to fully understand risk.

A good analogy of risk is to think about a tire. I first heard this analogy years ago from the great Jack Jones of the FAIR Institute. Ask yourself - what is the risk of a bald tire?

That bald tire is being used as a tire swing - much different than it being used on a car. Now, what is the risk?

The bald tire is attached to a frayed rope - what is the risk?

It turns out that until you include an asset (e.g. a child using the tire swing), there is no risk. There are vulnerabilities, there are threats, but you can’t define the RISK without knowing the asset.

Risk Treatment

Once you understand the risks to your business, you can look at what you want to do about those risks. You typically have 4 options.

Risk Treatment Options:

  • 🚨 Mitigate - put in safeguards to minimize the risk. You may not be able to completely remove the risk, but you can reduce the likelihood or impact to your business.

  • 🚚Transfer - consider outsourcing or purchasing insurance. For example, purchasing liability insurance could minimize the impact to your business.

  • 🚫Avoid - get out of that business

  • 👍Accept - it may be an acceptable level of risk, low likelihood, low impact, or the cost or difficulty of mitigating the risk is too great.

Risk Register

The best way to track and prioritize your risks is to document them in a risk register. This can be a simple spreadsheet where to list your assets, then think through the potential threats to the assets.

Here are some things you want to include in a risk register

Risk Description A short description of the risk
Asset What assets could be at risk?
Likelihood How likely is the risk to be realized? For example, a tornado in the South is pretty likely.
Impact What is the cost to your business, or your clients if the risk is realized?
Risk Treatment What decision have you made about the risk?

Need a Hand?

I can help you get started with a risk register. Contact me via email or on my website and ask for a risk register starter guide.

Contact Me for a Risk Register

Know someone who’d appreciate this information? Forward this newsletter and help us grow everyone’s digital confidence!

🦄 Who is Suecurity?

Susan Richards aka Sue-curity

🌉 Background: Over 30 years in information technology with a passion for keeping people and data secure.

👑 Achievement: Hosts a weekly HITRUST Secrets discussion and nerds out about security topics.

Quirk: An American patriot through and through, she still enjoys Irish breakfast tea in the mornings!

🎆 The Good News

Do not conform to the pattern of this world, but be transformed by the renewing of your mind. Then you will be able to test and approve what God’s will is - his good, pleasing and perfect will. - Romans 12:2

Be safe,

Sense of Security

Share the newsletter

Keep Reading

© 2026 Suecurity - Digital Confidence.
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv