Journal of Information Engineering and Applications

Risk is a concept that denotes a potential negative impact to an asset or some characteristic of value that may arise from some present process or future event. In everyday usage, risk is often used synonymously with the probability of a known loss. Risk management can be defined as the human activity which integrates recognition of risk, risk assessment, developing strategies to manage it and mitigation of risk using managerial resources. The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk and accepting some or all of the consequences of a particular risk. The objective of risk management is to reduce different risks related to a pre-selected domain to a level accepted by society.

Risk management is the process that allows  managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the Information systems and data that support their institution’ missions.  This process is not unique to the IT environment; indeed it pervades decision-making in all areas of our daily lives. The head of an organizational unit must ensure that the organization has the capabilities needed to accomplish its mission.  These mission owners must determine the security capabilities that their Information systems must have to provide the desired level of mission support in the face of real-world threats. A well-structured risk management methodology, when used effectively, can help management identify appropriate controls for providing the mission-essential security capabilities.

This paper explores various strategies and options for mitigating and monitoring risks facing financial information systems in performing risk management of financial information systems in order to minimize the losses incurred when faced by the various risks.

Keywords: Riks, risk mitigation, Risk management, Risk monitoring