ABSTRACT
Anything that we do has risk associated with it. That is because we wish to achieve an aim that has some value to us and there will always be obstacles to achieve this aim or objective. We use resources such as people, time, consumables (gasoline, paper, food, water, electricity, etc.), buildings, equipment, information (including information systems), and processes or procedures to overcome obstacles (threats and vulnerabilities, as we will discuss) and reduce the potential for failure. Since we cannot anticipate all impediments and make preparations to overcome them, there will always be some uncertainty that we will succeed. According to Cardenas (2009), “obtaining perfect security is impossible” (p. 1434). For the purposes of this chapter, that uncertainty can be considered to be risk, and dealing with residual risk is risk management.
