The analysis, reduction, prevention, mitigation or remediation of threats, exposures and vulnerabilities that might put an organization’s objectives at risk. Some common methods used to help manage risk include assessing probability and impact of threat, assessing inherent and residual risk, and then prioritizing treatment of risk according to objectives defined through a business impact analysis and the organization’s risk appetite.