Categories of Risk

Health
Behavioral
Risk to Personal Safety

Health risk
everyone needs daily personal care
everyone is on Oxygen or has other medical conditions
that is a concern
everyone requires daily cueing to take medications or
has other medication issues
everyone is medically complex and frail with a high
service plan
Everyone has frequent falls

Risk to Personal Safety

Is socially isolated, hard to serve, would not reach out
for help
Everyone has inability to self-advocate
everyone lives alone with no informal support system
(relative, friend, neighbor) that could assist them
Would not have extra food/medication available in an
emergency
Environmental Risks
Financial Risk
Cognitive Impairment

Behavioral Risks
Needs reassurances/ does not adapt easily to changing
homemaker or routines.
Non-compliant, substance abuse
Client has anxiety or mental health issues
Family unable to meet physical or emotional needs of
client as needed.
The family dynamics are creating a challenge

Risk
Risks can come from various sources: e.g., uncertainty
in financial markets, threats from project failures (at any
phase in design, development, production, or
sustainment life-cycles), legal liabilities, credit risk,
accidents,natural causes and disastersas well as
deliberate attack from an adversary, or events of
uncertain or unpredictableroot-cause.
There are two types of events i.e. negative events can
be classified as risks while positive events are classified
as opportunities.

Risk action

Four principles for Risk minimization

plan

Risk plan

Methods
Identify, characterizethreats
assess thevulnerabilityof critical assets to specific
threats
determine therisk(i.e. the expected likelihood and
consequences of specific types of attacks on specific
assets)
identify ways to reduce those risks
prioritizerisk reduction measures based on a strategy

Principles of Management risk

be a systematic and structured process
be based on the best available information
be tailorable
take human factors into account
be transparent and inclusive
be dynamic, iterative and responsive to change
be capable of continual improvement and enhancement
be continually or periodically re-assesse

Potential risk treatments

Avoidance (eliminate, withdraw from or not become
involved)
Reduction (optimize mitigate)
Sharing (transfer outsource or insure)
Retention (accept and budget)

Review and evaluation of plan

to evaluate whether the previously selected security
controls are still applicable and effective
to evaluate the possible risk level changes in the
business environment. For example, information risks
are a good example of rapidly changing business
environment