Page 240 - CISSO_Prep_ Guide
• Risk management: to reduce or mitigate the potential loss. This involves the following:
  • Risk analysis
  • Cost/benefit analysis
  • Deploying safeguards
  • Auditing
  • Insurance
  • Continuity planning
  • Training, etc.
• Use legal, HR, and auditors to consult regarding regulatory and compliance issues.
• Quantitative risk analysis = numeric.
• Qualitative risk analysis = subjective, scenario-oriented. The disadvantages of qualitative analysis are that it is not as accurate, management might not agree with it, and it is difficult to assign dollar amounts.
• Other risk analysis methods:
  • Failure modes and effects analysis (FMEA): potential failures for each mode.
  • Fault tree analysis (a.k.a. spanning tree analysis): create a tree of all threats.
  • Delphi: an anonymous survey.
  • ANZ 4360 standard: standard for qualitative risk management from New Zealand.
• Remedial measure selection.
  • Risk reduction: provide countermeasures.