Risk Management
Overview
In today’s highly connected world, organizations all face more diverse, sophisticated threats—cyber, physical, technological, or natural—that have cross-sector impacts. The evolving risk landscape necessitates an evolved response.
Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or mitigating it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk cannot always be eliminated, actions can be taken to mitigate risk.
National Risk Management Center
The National Risk Management Center - A critical infrastructure community empowered by actionable risk analysis.
CISA's Role
CISA’s National Risk Management Center (NRMC) works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s 16 critical infrastructure sectors. Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority. The NRMC facilitates collaboration, coordination and analysis across the private sector, government agencies, and key stakeholders to ensure critical infrastructure is secure and resilient now and in the future.
Featured Content
Secure Tomorrow Series Toolkit
The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.
National Critical Functions
Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the
ICT Supply Chain Risk Management Task Force
A public-private partnership charged to identify and develop consensus risk management strategies to enhance global ICT supply chain security
Space Systems Initiative
CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.
Related News
Discover the latest CISA news on risk management.
CISA Releases New Resource to Help Small and Medium-Sized Businesses Develop Supply Chain Resilience Plans
The guide provides Information and Communications Technology (ICT) SMBs with a starting point develop and tailor a supply chain risk management (SCRM) plan that meets the needs of their business.
CISA Releases Hardware Bill of Materials Framework (HBOM) for Supply Chain Risk Management (SCRM)
The product provides a framework that includes a consistent naming methodology, a format for identifying and providing information about components types, and other guidance.
Best Practices for Securing Election Systems
Organizations can implement these best practices, which harden enterprise networks and strengthen election infrastructure, at little or no cost.
Risk Management Resources
View all publicationsSecuring Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
Suite of Tools for the Analysis of Risk (STAR) Fact Sheet
Connected Communities Procurement and Implementation Guidance
Cyber Threats to Medical Technology and Communication Technology Protocols
Contact Us
For questions or comments, email NRMC@hq.dhs.gov.