DEV Community

Esteban Ayala

What is risk management? How to improve it?

Thanks to the systematic process of risk management, organizations can better understand the risk inside the organization related to its information systems: specifically what the risk is, what is at risk, how to analyze the risk and how to respond to it. A risk management plan also makes it possible to know which controls are currently in place to address those risks and to determine whether those controls are adequate.

All of this work depends on security awareness among both the IT staff and the employees of other departments. It seems obvious, but on many occasions threats are downplayed, and with that the motivation to maintain a good risk management plan and good practices fades. For this reason, it is highly recommended to hold continuous training and regular meetings to discuss the plan and ways to improve it. Change management for the risk plan needs clear documentation, so that staff can lay out the tasks and determine the resources needed in case of a breach or threat efficiently, and act faster in the situation.

A common example in risk management plans is not storing sensitive information on local computers, in order to minimize data breaches. Instead, the data can be stored in a cloud service, which transfers the risk to another company, with insurance bought to support this service and provide more integrity to the system. Another strategy to minimize or mitigate risk that should be included in the plan is multifactor authentication, which reduces the chance of unauthorized persons accessing information and sharing or transferring it. The main cause of threats and security breaches is personnel, with 75% of them clicking malicious emails or links, so training must be given to the employees of the organization, and given continuously (Dada et al. 2021).
