HLSS505week3


Are Acceptable Risks... Acceptable?

This week's lesson discusses what the actual levels of acceptable risk are within an organization. But before we discuss what acceptable risk is, we must ask: are there such things as acceptable risks?

Acceptable risks are based on the measurability and criticality of human and property loss that can be tolerated by an organization. This can also apply on a large scale, from a country-to-country perspective, or on a scale as small as local communities. Acceptable risks are also predicated on risk exposure and are indicative of the probability and impact of a risk on a targeted location. There is a correlation between risk acceptance levels and the maximum extent of what is considered acceptable. The judgment is the organization's call, and that is what makes acceptable risks a challenging feat. Additionally, an important challenge is identifying what risk should be deemed acceptable because, in all actuality, no level of risk should be accepted if assets, resources, and people are to be preserved. Right?

However, acceptable risks should be identified to provide an effective and realistic policy within an organization. Once security experts establish acceptable risk levels for an organization, the company should form a risk management committee to be responsible for the risks identified. This is important, as the committee would be responsible for implementing such policies to ensure that risks do not extend past the comfort zone of acceptable risk (as agreed upon by the organization, meaning leadership and management). Some examples of acceptable risks are based on infrastructure, transportation, business, and the individual, and even our government agencies.