
Risk Management
Overview
In today’s digitizing world, as organizations are increasingly integrating cyber systems into their operations, they are also facing more diverse, sophisticated threats— cyber, physical, technological, or natural—that may have cross-sector impacts. The evolving risk landscape necessitates an evolved response.
Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk often cannot be eliminated, actions can usually be taken to control risk.
CISA’s Role
CISA works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s critical infrastructure. Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority. CISA creates an environment where the private sector, government agencies, and key stakeholders can collaborate, share expertise, and coordinate risk reduction activities to ensure critical infrastructure is secure and resilient now and into the future.
Featured Content
Secure Tomorrow Series Toolkit
The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.
National Critical Functions
Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the
ICT Supply Chain Risk Management Task Force
A public-private partnership charged to identify and develop consensus risk management strategies to enhance global ICT supply chain security
Related News
Discover the latest CISA news on risk management.
CISA Releases New Insight on Preparing Critical Infrastructure for the Transition to Post-Quantum Cryptography
Provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing.
Secure Tomorrow Series Toolkit: Using Strategic Foresight to Prepare for the Future
The Secure Tomorrow Series is a unique platform that brings together SMEs, thought leaders, and others from academia, think tanks, the private sector, and National Labs to think proactively about future risks.
ICT Supply Chain Risk Management Task Force Announces new members and Working Group
Government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to announce new members and map out the Task Force’s 2022 workplan.
Risk Management Resources
View all publicationsSecuring Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
Preparing Critical Infrastructure for Post-Quantum Cryptography
National Critical Functions Set
Contact Us
For questions or comments, email NRMC@hq.dhs.gov.