SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
,SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
Security Risk Control Measures I
SECTION A
Question 1: Define the term “risk management” and provide your own examples.
Answer:
Risk management is the structured process of identifying, analysing, and responding to
potential threats that could disrupt an organisation’s operations, assets, or people. Its
purpose is not to eliminate all risks, which is impossible, but to reduce them to levels
that are acceptable and manageable. Effective risk management balances prevention,
preparedness, and decision-making to safeguard organisational continuity (Hopkin,
2018).
Examples:
• A university reinforcing access control and CCTV to reduce crime on campus.
• A logistics company insuring its trucks against hijackings and accidents.
• A financial institution carrying out cybersecurity audits to limit exposure to
hacking.
, Question 2: Name and explain four decisions management can make to manage
risk cost-effectively.
Answer:
Management can use four core strategies to address risks in a cost-effective way:
1. Risk Avoidance
Stop activities that create unacceptable risk. For example, a retail store may
close its late-night operations in high-crime areas to reduce the chance of armed
robbery.
2. Risk Reduction
Reduce either the probability or the impact of risk. Installing fire alarms and
sprinklers reduces the damage caused by fire.
3. Risk Transfer
Shift the financial burden of risk to another party. A construction company may
buy liability insurance to cover workplace accidents.
4. Risk Retention
Accept certain risks that are either unavoidable or too costly to eliminate, while
preparing contingency reserves. For example, a supermarket may tolerate minor
shoplifting losses instead of investing in costly monitoring systems.
This combination of strategies allows management to balance effectiveness with
financial sustainability (Frigo & Anderson, 2011).
Assignment 2
Semester 2 2025
Due 2 October 2025
,SEP2606
Assignment 2
Semester 2 2025
Due 2 October 2025
Security Risk Control Measures I
SECTION A
Question 1: Define the term “risk management” and provide your own examples.
Answer:
Risk management is the structured process of identifying, analysing, and responding to
potential threats that could disrupt an organisation’s operations, assets, or people. Its
purpose is not to eliminate all risks, which is impossible, but to reduce them to levels
that are acceptable and manageable. Effective risk management balances prevention,
preparedness, and decision-making to safeguard organisational continuity (Hopkin,
2018).
Examples:
• A university reinforcing access control and CCTV to reduce crime on campus.
• A logistics company insuring its trucks against hijackings and accidents.
• A financial institution carrying out cybersecurity audits to limit exposure to
hacking.
, Question 2: Name and explain four decisions management can make to manage
risk cost-effectively.
Answer:
Management can use four core strategies to address risks in a cost-effective way:
1. Risk Avoidance
Stop activities that create unacceptable risk. For example, a retail store may
close its late-night operations in high-crime areas to reduce the chance of armed
robbery.
2. Risk Reduction
Reduce either the probability or the impact of risk. Installing fire alarms and
sprinklers reduces the damage caused by fire.
3. Risk Transfer
Shift the financial burden of risk to another party. A construction company may
buy liability insurance to cover workplace accidents.
4. Risk Retention
Accept certain risks that are either unavoidable or too costly to eliminate, while
preparing contingency reserves. For example, a supermarket may tolerate minor
shoplifting losses instead of investing in costly monitoring systems.
This combination of strategies allows management to balance effectiveness with
financial sustainability (Frigo & Anderson, 2011).
