Risk Management

Overview

In today’s highly connected world, organizations all face more diverse, sophisticated threats—cyber, physical, technological, or natural—that have cross-sector impacts. The evolving risk landscape necessitates an evolved response.

Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or mitigating it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk cannot always be eliminated, actions can be taken to mitigate risk.

graphic of city skyline and connected network icons

National Risk Management Center

The National Risk Management Center - A critical infrastructure community empowered by actionable risk analysis.

NRMC

CISA's Role

CISA’s National Risk Management Center (NRMC) works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s 16 critical infrastructure sectors. Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority. The NRMC facilitates collaboration, coordination and analysis across the private sector, government agencies, and key stakeholders to ensure critical infrastructure is secure and resilient now and in the future.

Featured Content

Secure Tomorrow Series Toolkit

The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.

National Critical Functions

Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the

ICT Supply Chain Risk Management Task Force

A public-private partnership charged to identify and develop consensus risk management strategies to enhance global ICT supply chain security

Space Systems Initiative

CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.

Risk Management Resources

View all publications

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION

This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.

View Files

Suite of Tools for the Analysis of Risk (STAR) Fact Sheet

JAN 05, 2024 | PUBLICATION

This fact sheet describes the Suite of Tools for the Analysis of Risk (STAR), an innovative engine for forward-looking, functional risk assessment of critical infrastructure (CI) at the national scale.

Download File (PDF, 393.94 KB)

Connected Communities Procurement and Implementation Guidance

DEC 01, 2023 | PUBLICATION

These Connected Communities Procurement and Implementation Guidance infographics assist state, local, tribal, and territorial (SLTT) government officials in mitigating risks in their supply chains when procuring smart and connected technologies.

View Files

Cyber Threats to Medical Technology and Communication Technology Protocols

FEB 23, 2024 | PUBLICATION

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) developed this infographic to show examples of cyber threats related to the expansion of the interoperable IT/OT environment in healthcare and the potential consequences.

Download File (PDF, 324.17 KB)

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.