█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Risk Management and Governance/What is Risk Management?
30 minBeginner

What is Risk Management?

After this lesson, you will be able to: Define risk in cybersecurity terms and explain why businesses prioritize managing it.

Security people lose budget arguments when they say 'this is insecure'. They win when they say 'this risk costs $X annually'. Risk management is the framework that translates technical issues into business language.

Risk = Likelihood × Impact

A vulnerability with no exploit = low risk. A known exploit on a public-facing critical system = critical risk. Risk is multidimensional, both axes matter.

💡 Threat vs vulnerability vs risk

Threat, a thing that could cause harm (ransomware, insider). Vulnerability, a weakness that could be exploited (unpatched server). Risk, the combination, weighted by likelihood and impact.

Four ways to handle risk

  1. 1

    1. Avoid, don't do the activity (don't store this data).

  2. 2

    2. Mitigate, reduce likelihood/impact (patch, encrypt).

  3. 3

    3. Transfer, insurance, contractual liability transfer.

  4. 4

    4. Accept, sign off that residual risk is okay.

Why this matters

Every security spend is a risk transfer/mitigation decision. Without risk framing, security teams sound like they're crying wolf. With it, they're partners in business decisions.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
Back to Risk Management and Governance
Risk Assessment→