
Risk Management is simply the process of managing risks based on your organisation’s security policies. The process includes assessment of people, processes and technologies that can potentially impact security.
A risk register and plan are developed in the process of risk (threat) identification, evaluation, prioritisation and development of mitigation controls (accept, reduce, transfer).