Download Security Risk Assessment Book PDF

Download full Security Risk Assessment books PDF, EPUB, Tuebl, Textbook, Mobi or read online Security Risk Assessment anytime and anywhere on any device. Get free access to the library by create an account, fast download and ads free. We cannot guarantee that every book is in the library.

The Security Risk Assessment Handbook

The Security Risk Assessment Handbook
  • Author : Douglas Landoll
  • Publisher :Unknown
  • Release Date :2016-04-19
  • Total pages :504
  • ISBN : 9781439821497
GET BOOK HERE

Summary : The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-wor

Security Risk Assessment

Security Risk Assessment
  • Author : John M. White
  • Publisher :Unknown
  • Release Date :2014-07-22
  • Total pages :230
  • ISBN : 9780128009178
GET BOOK HERE

Summary : Security Risk Assessment is the most up-to-date and comprehensive resource available on how to conduct a thorough security assessment for any organization. A good security assessment is a fact-finding process that determines an organization’s state of security protection. It exposes vulnerabilities, determines the potential for losses, and devises a plan to address these security concerns. While most security professionals have heard of a security assessment, many do not know how to conduct one, how it’s used, or how to evaluate what they have found. Security Risk Assessment offers security professionals step-by-step guidance for conducting a complete risk assessment. It provides a template draw from, giving security professionals the tools needed to conduct an assessment using the most current approaches, theories, and best practices. Discusses practical and proven techniques for effectively conducting security assessments Includes interview guides, checklists, and sample reports Accessibly written for security professionals with different levels of experience conducting security assessments

Risk and the Theory of Security Risk Assessment

Risk and the Theory of Security Risk Assessment
  • Author : Carl S. Young
  • Publisher :Unknown
  • Release Date :2019
  • Total pages :286
  • ISBN : 303030602X
GET BOOK HERE

Summary : This book provides the conceptual foundation of security risk assessment and thereby enables reasoning about risk from first principles. It presents the underlying theory that is the basis of a rigorous and universally applicable security risk assessment methodology. Furthermore, the book identifies and explores concepts with profound operational implications that have traditionally been sources of ambiguity if not confusion in security risk management. Notably, the text provides a simple quantitative model for complexity, a significant driver of risk that is typically not addressed in security-related contexts. Risk and The Theory of Security Risk Assessment is a primer of security risk assessment pedagogy, but it also provides methods and metrics to actually estimate the magnitude of security risk. Concepts are explained using numerous examples, which are at times both enlightening and entertaining. As a result, the book bridges a longstanding gap between theory and practice, and therefore will be a useful reference to students, academics and security practitioners.

Information Security Risk Assessment Toolkit

Information Security Risk Assessment Toolkit
  • Author : Mark Talabis,Jason Martin
  • Publisher :Unknown
  • Release Date :2012
  • Total pages :258
  • ISBN : 9781597497350
GET BOOK HERE

Summary : In order to protect company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessments gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. Based on authors' experiences of real-world assessments, reports, and presentations Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment

Security Risk Assessment and Management

Security Risk Assessment and Management
  • Author : Betty E. Biringer,Rudolph V. Matalucci,Sharon L. O'Connor
  • Publisher :Unknown
  • Release Date :2007-03-12
  • Total pages :384
  • ISBN : 9780471793526
GET BOOK HERE

Summary : Proven set of best practices for security risk assessment and management, explained in plain English This guidebook sets forth a systematic, proven set of best practices for security risk assessment and management of buildings and their supporting infrastructures. These practices are all designed to optimize the security of workplace environments for occupants and to protect the interests of owners and other stakeholders. The methods set forth by the authors stem from their research at Sandia National Laboratories and their practical experience working with both government and private facilities. Following the authors' step-by-step methodology for performing a complete risk assessment, you learn to: Identify regional and site-specific threats that are likely and credible Evaluate the consequences of these threats, including loss of life and property, economic impact, as well as damage to symbolic value and public confidence Assess the effectiveness of physical and cyber security systems and determine site-specific vulnerabilities in the security system The authors further provide you with the analytical tools needed to determine whether to accept a calculated estimate of risk or to reduce the estimated risk to a level that meets your particular security needs. You then learn to implement a risk-reduction program through proven methods to upgrade security to protect against a malicious act and/or mitigate the consequences of the act. This comprehensive risk assessment and management approach has been used by various organizations, including the U.S. Bureau of Reclamation, the U.S. Army Corps of Engineers, the Bonneville Power Administration, and numerous private corporations, to assess and manage security risk at their national infrastructure facilities. With its plain-English presentation coupled with step-by-step procedures, flowcharts, worksheets, and checklists, you can easily implement the same proven approach and methods for your organization or clients. Additional forms and resources are available online at www.wiley.com/go/securityrisk.

Assessing and Managing Security Risk in IT Systems

Assessing and Managing Security Risk in IT Systems
  • Author : John McCumber
  • Publisher :Unknown
  • Release Date :2004-08-12
  • Total pages :288
  • ISBN : 0203490428
GET BOOK HERE

Summary : Assessing and Managing Security Risk in IT Systems: A Structured Methodology builds upon the original McCumber Cube model to offer proven processes that do not change, even as technology evolves. This book enables you to assess the security attributes of any information system and implement vastly improved security environments. Part I delivers an overview of information systems security, providing historical perspectives and explaining how to determine the value of information. This section offers the basic underpinnings of information security and concludes with an overview of the risk management process. Part II describes the McCumber Cube, providing the original paper from 1991 and detailing ways to accurately map information flow in computer and telecom systems. It also explains how to apply the methodology to individual system components and subsystems. Part III serves as a resource for analysts and security practitioners who want access to more detailed information on technical vulnerabilities and risk assessment analytics. McCumber details how information extracted from this resource can be applied to his assessment processes.

Security Risk Assessment

Security Risk Assessment
  • Author : Genserik Reniers,Nima Khakzad,Pieter Van Gelder
  • Publisher :Unknown
  • Release Date :2017-11-20
  • Total pages :201
  • ISBN : 9783110499087
GET BOOK HERE

Summary : This book deals with the state-of-the-art of physical security knowledge and research in the chemical and process industries. Legislation differences between Europe and the USA are investigated, followed by an overview of the how, what and why of contemporary security risk assessment in this particular industrial sector. Innovative solutions such as attractiveness calculations and the use of game theory, advancing the present science of adversarial risk analysis, are discussed. The book further stands up for developing and employing dynamic security risk assessments, for instance based on Bayesian networks, and using OR methods to truly move security forward in the chemical and process industries.

The Security Risk Assessment Handbook, 2nd Edition

The Security Risk Assessment Handbook, 2nd Edition
  • Author : Douglas Landoll
  • Publisher :Unknown
  • Release Date :2016
  • Total pages :504
  • ISBN : OCLC:1192534940
GET BOOK HERE

Summary : The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments provides detailed insight into precisely how to conduct an information security risk assessment. Designed for security professionals and their customers who want a more in-depth understanding of the risk assessment process, this volume contains real-wor.

Security Risk Management

Security Risk Management
  • Author : Evan Wheeler
  • Publisher :Unknown
  • Release Date :2011-04-20
  • Total pages :360
  • ISBN : 1597496162
GET BOOK HERE

Summary : Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs. Named a 2011 Best Governance and ISMS Book by InfoSec Reviews Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk Presents a roadmap for designing and implementing a security risk management program

General Security Risk Assessment

General Security Risk Assessment
  • Author : Anonim
  • Publisher :Unknown
  • Release Date :2003
  • Total pages :22
  • ISBN : LCCN:2007298536
GET BOOK HERE

Summary :

Strategic Security Management

Strategic Security Management
  • Author : Karim Vellani
  • Publisher :Unknown
  • Release Date :2019-09-05
  • Total pages :278
  • ISBN : 9780429014857
GET BOOK HERE

Summary : Strategic Security Management, Second Edition provides security leadership and decision-makers with a fresh perspective on threat, vulnerability, and risk assessment. The book offers a framework to look at applying security analysis and theory into practice for effective security program, implementation, management and evaluation. Chapters examine metric-based security resource allocation of countermeasures, including security procedures, utilization of personnel, and electronic measures. The new edition is fully updated to reflect the latest industry best-practices and includes contributions from security industry leaders—based on their years of professional experience—including Norman Bates, Robert Emery, Jack Follis, Steve Kaufer, Andrew Rubin, Michael Silva, and Ken Wheatley. Strategic Security Management, Second Edition will be a welcome addition to the security literature for all security professionals, security managers, and criminal justice students interested in understanding foundational security principles and their application.

Risk Assessment and Security for Pipelines, Tunnels, and Underground Rail and Transit Operations

Risk Assessment and Security for Pipelines, Tunnels, and Underground Rail and Transit Operations
  • Author : Anna M. Doro-on
  • Publisher :Unknown
  • Release Date :2014-06-03
  • Total pages :414
  • ISBN : 9781466569348
GET BOOK HERE

Summary : Risk Assessment and Security for Pipelines, Tunnels, and Underground Rail and Transit Operations details a quantitative risk assessment methodology for systematically analyzing various alternatives for protecting underground rail, oil and gas pipelines, pipeline freight transportation, and other tunnel systems from terrorism threats and other disasters. It examines the engineering, environmental, and economic impacts and addresses both direct and collateral damage. The book describes how to employ the methodology of quantitative psychology for effectively assessing risk in homeland security, defense actions, and critical infrastructure protection. Using pipelines, tunnels, underground rapid rail, and transit systems as examples, it maintains an emphasis on applying quantitative psychology to risk management in the areas of homeland security and defense. Outlines the background and system operations of pipelines, tunnels, underground rail, and transit systems as well as other super-speed futuristic trains Covers materials used for fabricating weapons of mass destruction and operations for terrorism Deals with the probabilistic risk estimation process, event tree analysis, and fault tree analysis Discusses the risk and vulnerability assessment tools and methodologies used by experts and governmental agencies Approved for public release by the U.S. Federal Government, this book presents regulations, standard processes, and risk assessment models recommended by the U.S. Department of Homeland Security and other federal and state agencies. Describing how to evaluate terrorism threats and warnings, it details protocols for preventive measures and emergency preparedness plans that are based on economic analysis. With comprehensive coverage that includes risk estimation and risk acceptability analysis, the book provides a foundational understanding of risk and the various defensive systems that can improve safety and security as well as thwart terrorists’ efforts to sabotage critical infrastructure.

Quantitative Security Risk Assessment of Enterprise Networks

Quantitative Security Risk Assessment of Enterprise Networks
  • Author : Xinming Ou,Anoop Singhal
  • Publisher :Unknown
  • Release Date :2011-11-06
  • Total pages :28
  • ISBN : 9781461418603
GET BOOK HERE

Summary : Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. This article gives an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one network configuration compare with another one”. In this article, we will present a methodology for quantitative security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Our techniques analyze all attack paths through a network, for an attacker to reach certain goal(s).

Risk Assessment for Water Infrastructure Safety and Security

Risk Assessment for Water Infrastructure Safety and Security
  • Author : Anna Doro-on
  • Publisher :Unknown
  • Release Date :2011-08-17
  • Total pages :431
  • ISBN : 9781439853429
GET BOOK HERE

Summary : One of the seventeen critical infrastructures vital to the security of the United States, the water supply system remains largely unprotected from the threat of terrorism, including possible revenge by Al Qaeda over the killing of Osama Bin Laden. Recognizing and identifying prospective events of terrorism against the water infrastructure is critical to the protection of the nation, as the consequences triggered by a terrorist attack on the water supply would be devastating. Risk Assessment for Water Infrastructure: Safety and Security provides a unique quantitative risk assessment methodology for protection and security against terrorist contamination, vandalism, attacks against dams, and other threats to water supply systems. Focusing on the human safety, environmental, and economic consequences triggered by potential terrorist attacks and other threats, the book presents: The development of an integrated approach of risk assessment based upon the cumulative prospect theory The qualitative/quantitative processes and models for security and safe facility operations as required by EPA, DHS, and other governmental and regulatory agencies The application of an integrated model to the risk assessment of surface water, dams, wells, wastewater treatment facilities, reservoirs, and aqueducts of large urban regions The development of intelligence analysis incorporating risk assessment for terrorism prevention Finally, the book presents the legal and regulatory requirements and policy related to the protection and security of water infrastructure from terrorism and natural hazards to both human health and the environment. By analyzing potential terrorist risks against the water supply, strategic improvements in U.S. water infrastructure security may be achieved, including changes in policy, incorporation of intrusion detection technology, increased surveillance, and increased intelligence. More information can be found on the author's website.

Security Software Development

Security Software Development
  • Author : Douglas A. Ashbaugh, CISSP
  • Publisher :Unknown
  • Release Date :2008-10-23
  • Total pages :321
  • ISBN : 1420063812
GET BOOK HERE

Summary : Threats to application security continue to evolve just as quickly as the systems that protect against cyber-threats. In many instances, traditional firewalls and other conventional controls can no longer get the job done. The latest line of defense is to build security features into software as it is being developed. Drawing from the author’s extensive experience as a developer, Secure Software Development: Assessing and Managing Security Risks illustrates how software application security can be best, and most cost-effectively, achieved when developers monitor and regulate risks early on, integrating assessment and management into the development life cycle. This book identifies the two primary reasons for inadequate security safeguards: Development teams are not sufficiently trained to identify risks; and developers falsely believe that pre-existing perimeter security controls are adequate to protect newer software. Examining current trends, as well as problems that have plagued software security for more than a decade, this useful guide: Outlines and compares various techniques to assess, identify, and manage security risks and vulnerabilities, with step-by-step instruction on how to execute each approach Explains the fundamental terms related to the security process Elaborates on the pros and cons of each method, phase by phase, to help readers select the one that best suits their needs Despite decades of extraordinary growth in software development, many open-source, government, regulatory, and industry organizations have been slow to adopt new application safety controls, hesitant to take on the added expense. This book improves understanding of the security environment and the need for safety measures. It shows readers how to analyze relevant threats to their applications and then implement time- and money-saving techniques to safeguard them.

Risk Propagation Assessment for Network Security

Risk Propagation Assessment for Network Security
  • Author : Mohamed Slim Ben Mahmoud,Nicolas Larrieu,Alain Pirovano
  • Publisher :Unknown
  • Release Date :2013-04-08
  • Total pages :144
  • ISBN : 9781118581018
GET BOOK HERE

Summary : The focus of this book is risk assessment methodologies for network architecture design. The main goal is to present and illustrate an innovative risk propagation-based quantitative assessment tool. This original approach aims to help network designers and security administrators to design and build more robust and secure network topologies. As an implementation case study, the authors consider an aeronautical network based on AeroMACS (Aeronautical Mobile Airport Communications System) technology. AeroMACS has been identified as the wireless access network for airport surface communications that will soon be deployed in European and American airports mainly for communications between aircraft and airlines. It is based on the IEEE 802.16-2009 standard, also known as WiMAX. The book begins with an introduction to the information system security risk management process, before moving on to present the different risk management methodologies that can be currently used (quantitative and qualitative). In the third part of the book, the authors’ original quantitative network risk assessment model based on risk propagation is introduced. Finally, a network case study of the future airport AeroMACS system is presented. This example illustrates how the authors’ quantitative risk assessment proposal can provide help to network security designers for the decision-making process and how the security of the entire network may thus be improved. Contents Part 1. Network Security Risk Assessment 1. Introduction to Information System Security Risk Management Process. 2. System Security Risk Management Background. 3. A Quantitative Network Risk Management Methodology Based on Risk Propagation. Part 2. Application to Airport Communication Network Design 4. The AeroMACS Communication System in the SESAR Project. 5. Aeronautical Network Case Study.

Threat Assessment and Risk Analysis

Threat Assessment and Risk Analysis
  • Author : Greg Allen,Rachel Derr
  • Publisher :Unknown
  • Release Date :2015-11-05
  • Total pages :156
  • ISBN : 0128022248
GET BOOK HERE

Summary : Threat Assessment and Risk Analysis: An Applied Approach details the entire risk analysis process in accessible language, providing the tools and insight needed to effectively analyze risk and secure facilities in a broad range of industries and organizations. The book explores physical vulnerabilities in such systems as transportation, distribution, and communications, and demonstrates how to measure the key risks and their consequences, providing cost-effective and achievable methods for evaluating the appropriate security risk mitigation countermeasures. Users will find a book that outlines the processes for identifying and assessing the most essential threats and risks an organization faces, along with information on how to address only those that justify security expenditures. Balancing the proper security measures versus the actual risks an organization faces is essential when it comes to protecting physical assets. However, determining which security controls are appropriate is often a subjective and complex matter. The book explores this process in an objective and achievable manner, and is a valuable resource for security and risk management executives, directors, and students. Guides readers from basic principles to complex processes in a logical, building block fashion Provides a clear, step-by-step process for performing a physical security threat and risk analysis for any organization Covers quantitative and qualitative risks such as operational risk, legal risk, reputational risk, social risks, and economic risks Utilizes the Department of Homeland Security risk assessment framework and best practices, including CARVER, API/NPRA, and RAMCAP

Metrics and Methods for Security Risk Management

Metrics and Methods for Security Risk Management
  • Author : Carl Young
  • Publisher :Unknown
  • Release Date :2010-08-21
  • Total pages :296
  • ISBN : 1856179796
GET BOOK HERE

Summary : Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem. Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful. Offers an integrated approach to assessing security risk Addresses homeland security as well as IT and physical security issues Describes vital safeguards for ensuring true business continuity

Lessons Learned from the Fukushima Nuclear Accident for Improving Safety and Security of U.S. Nuclear Plants

Lessons Learned from the Fukushima Nuclear Accident for Improving Safety and Security of U.S. Nuclear Plants
  • Author : National Academies of Sciences, Engineering, and Medicine,Division on Earth and Life Studies,Nuclear and Radiation Studies Board,Committee on Lessons Learned from the Fukushima Nuclear Accident for Improving Safety and Security of U.S. Nuclear Plants
  • Publisher :Unknown
  • Release Date :2016-06-06
  • Total pages :238
  • ISBN : 9780309388887
GET BOOK HERE

Summary : The U.S. Congress asked the National Academy of Sciences to conduct a technical study on lessons learned from the Fukushima Daiichi nuclear accident for improving safety and security of commercial nuclear power plants in the United States. This study was carried out in two phases: Phase 1, issued in 2014, focused on the causes of the Fukushima Daiichi accident and safety-related lessons learned for improving nuclear plant systems, operations, and regulations exclusive of spent fuel storage. This Phase 2 report focuses on three issues: (1) lessons learned from the accident for nuclear plant security, (2) lessons learned for spent fuel storage, and (3) reevaluation of conclusions from previous Academies studies on spent fuel storage.

How to Measure Anything in Cybersecurity Risk

How to Measure Anything in Cybersecurity Risk
  • Author : Douglas W. Hubbard,Richard Seiersen
  • Publisher :Unknown
  • Release Date :2016-07-25
  • Total pages :304
  • ISBN : 9781119085294
GET BOOK HERE

Summary : A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Risk Management for Computer Security

Risk Management for Computer Security
  • Author : Andy Jones,Debi Ashenden
  • Publisher :Unknown
  • Release Date :2005
  • Total pages :274
  • ISBN : 9780750677950
GET BOOK HERE

Summary : The information systems security (InfoSec) profession remains one of the fastest growing professions in the world today. With the advent of the Internet and its use as a method of conducting business, even more emphasis is being placed on InfoSec. However, there is an expanded field of threats that must be addressed by today's InfoSec and information assurance (IA) professionals. Operating within a global business environment with elements of a virtual workforce can create problems not experienced in the past. How do you assess the risk to the organization when information can be accessed, remotely, by employees in the field or while they are traveling internationally? How do you assess the risk to employees who are not working on company premises and are often thousands of miles from the office? How do you assess the risk to your organization and its assets when you have offices or facilities in a nation whose government may be supporting the theft of the corporate "crown jewels" in order to assist their own nationally owned or supported corporations? If your risk assessment and management program is to be effective, then these issues must be assessed. Personnel involved in the risk assessment and management process face a much more complex environment today than they have ever encountered before. This book covers more than just the fundamental elements that make up a good risk program. It provides an integrated "how to" approach to implementing a corporate program, complete with tested methods and processes; flowcharts; and checklists that can be used by the reader and immediately implemented into a computer and overall corporate security program. The challenges are many and this book will help professionals in meeting their challenges as we progress through the 21st Century. *Presents material in an engaging, easy-to-follow manner that will appeal to both advanced INFOSEC career professionals and network administrators entering the information security profession *Addresses the needs of both the individuals who are new to the subject as well as of experienced professionals *Provides insight into the factors that need to be considered & fully explains the numerous methods, processes & procedures of risk management