[Mjulius513]

Risk management is the process of understanding what could harm an organization and deciding how to protect it. In the video, they explained that we start by looking at what assets we have, like data, computers, and people. Risk management helps us stay organized, so we don’t miss anything important.
Risk assessment is a major step in risk management. This is where we identify threats, such as hackers or accidents, and look for vulnerabilities, like weak passwords or unlocked rooms. I learned how even small weaknesses can create big problems if a threat takes advantage of them. During risk assessment, we also think about the impact, meaning how much damage the organization would suffer if something went wrong.
Responding to risk means choosing what to do after we understand the risk level. I learned to talk about options like mitigating the risk by adding controls, avoiding the risk by stopping the activity, transferring it with insurance, or accepting it if it is low.