The impact of a threat varies based on numerous factors. For example, if a fire were in one room of a company instead of the whole building the one room would have a lower impact versus the whole building of the company. Another example would be that an earthquake would have a huge impact on a business in or near the epicenter of the earthquake. The further away from the epicenter of the earthquake the less impact the threat would have on a business. The closer to the epicenter of the earthquake the companies would have a greater impact (Snedaker, 2014). There might be a slight impact on other companies around the country if the company that is affected by the earthquake is a supplier or the earthquake would impact vendor to another company or region (Snedaker, 2014). The impact assessment is important to risk …show more content…
Risk management is the process of identifying risk, assessing risks, and taking numerous steps to reduce risks to a comfortable level (Snedaker, 2014). Performing risk management enables an organizing to accomplish the missions by better securing IT systems that store, process, or transmit organization information (Snedaker, 2014). Additionally enabling management to create informed risk management decisions to justify the expenditures that are part of an IT budget and assisting management in authorizing the companies IT systems (Snedaker, 2014). These missions are the basis of supporting documentation resulting from the performance of risk management that encompasses the three processes: risk mitigation, risk assessment, and evaluation and