{"id":148118,"date":"2023-03-01T15:56:32","date_gmt":"2023-03-01T18:56:32","guid":{"rendered":"https:\/\/sandbox2.institutopmg.com\/itsm\/how-to-manage-risks\/"},"modified":"2025-12-16T14:47:59","modified_gmt":"2025-12-16T17:47:59","slug":"how-to-manage-risks","status":"publish","type":"post","link":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/","title":{"rendered":"How to manage risks?"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We know that risks in IT infrastructures and cyber space are becoming more frequent and sophisticated. These are the consequences of technological progress optimized by digital transformation, which brings &#8211; along with benefits and possibilities &#8211; threats and vulnerabilities, true targets that hackers live to exploit! But what to do to manage these risks? What strategies to use to avoid or at least mitigate the impacts they can cause? After all, how to perform a <\/span><b>Risk Analysis<\/b><span style=\"font-weight: 400;\"> and <\/span><b>Risk Assessment<\/b><span style=\"font-weight: 400;\">?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To start this conversation, let&#8217;s first understand what is actually considered &#8220;risk&#8221;.<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_1 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Navegue por t\u00f3picos de interesse:<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Do_you_know_what_a_RISK_is\" >Do you know what a RISK is?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Understand_what_a_Risk_Analysis_is\" >Understand what a Risk Analysis is:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Types_of_Risk_Analysis\" >Types of Risk Analysis<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#How_to_assess_risks\" >How to assess risks?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Learn_about_3_types_of_Strategies_that_can_be_applied_in_Risk_Management\" >Learn about 3 types of Strategies that can be applied in Risk Management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Treating_security_risks\" >Treating security risks<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#So_is_this_Risk_Management\" >So, is this Risk Management?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#Think_carefully_about_this_process\" >Think carefully about this process!<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Do_you_know_what_a_RISK_is\"><\/span><span style=\"font-weight: 400;\">Do you know what a RISK is?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">RISK = Probability of an event occurring + consequence of that event.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A risk occurs when it is possible for a threatening agent (hacker) to take advantage of some vulnerability and its corresponding commercial impact. For example: a firewall with several open ports presents a higher probability of an unauthorized network invasion and its consequent damages.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another example: a team of poorly informed employees about the company&#8217;s procedures and processes generates a higher probability of an unintentional error that could destroy data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another example: a network without an intrusion detection system installed offers a higher probability of some attack going unnoticed, and when it is realized, it may already be too late.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In short, we can say that risk links vulnerability, threat, and probability of exploitation to the related commercial impact.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">And it is worth noting that risk in Information Security may be associated with threats of both an information asset and a group of information assets that could cause harm to an organization.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Because when a threat materializes, a risk arises for the organization. And in the Information Security process, threats are efficiently mapped so that both the extension analysis of the risk and the management of its evaluation determine the measures that must be taken to minimize the risk and what it can become.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Understand_what_a_Risk_Analysis_is\"><\/span><span style=\"font-weight: 400;\">Understand what a Risk Analysis is:<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">According to ISO 27005, we can understand the term &#8216;risk analysis&#8217; as a process that defines and analyzes risks represented by potential adverse human and natural events, both for individuals and for companies and government agencies.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">That is, Risk Analysis allows for risk estimates and provides the basis for proper evaluation and definition of the protection measures that need to be taken.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In practice, Risk Analysis is a tool to clarify which threats are relevant to operational processes and to identify associated risks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is through Risk Analysis that the appropriate level of security and associated security measures can be determined.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We can define the objectives of a Risk Analysis as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Identify assets and their values;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Map vulnerabilities and threats;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Analyze the risk of threats becoming a reality and interrupting the operational process;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Specify the balance between the costs of an incident and the costs of a security measure, that is, a cost-benefit analysis.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Types_of_Risk_Analysis\"><\/span><span style=\"font-weight: 400;\">Types of Risk Analysis<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Risk Analysis can be quantitative and qualitative. Let&#8217;s better understand each one!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Quantitative Risk Analysis aims to calculate a risk value based on the level of financial loss and the probability that a threat may become an Information Security incident. Determines the value of each element in all operational processes. These values can be composed of the costs of Information Security measures, as well as the value of the property itself, including items such as hardware, software, information, and business impact.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The time for a Quantitative Risk Analysis should extend from the emergence of a threat to the effectiveness of Information Security measures.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, a purely quantitative risk analysis is practically impossible! It is the qualitative risk analysis that maps out the scenarios and situations and the chances of a threat becoming a reality (based on intuition).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Qualitative analysis also examines the operational process related to the threat and the Information Security measures already taken. This all leads to a subjective view of possible threats, so that measures can be subsequently taken to minimize the Information Security risk.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">However, the best result of an analysis is always achieved when carried out in a group, as this leads to a debate that avoids the monopoly of vision of a single person or department.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_assess_risks\"><\/span><span style=\"font-weight: 400;\">How to assess risks?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">After the Risk Analysis is performed, the next step in management is <\/span><b>Risk Assessment<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to ISO\/IEC 27000:2012, Risk Assessment is the overall process of risk identification, risk analysis, and risk estimation. Risk Assessment, therefore, should include a systematic approach to estimating the magnitude of risks (Risk Analysis) and the process of comparing the estimated risks against risk criteria to determine the significance of the risks (Risk Estimation).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Risk assessment is the total sum of:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Asset evaluation and appreciation;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Threat evaluation and appreciation;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Vulnerability evaluation.\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">And it is this total sum that provides the diagnosis of the scenario as a basis for defining the appropriate strategies. And what are these strategies? There are different types of strategies so that the most appropriate can be used based on the result of the risk assessment. Let&#8217;s see what they are:<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Learn_about_3_types_of_Strategies_that_can_be_applied_in_Risk_Management\"><\/span><span style=\"font-weight: 400;\">Learn about 3 types of Strategies that can be applied in Risk Management<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The first type of strategy is Risk Acceptability, in which:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Certain risks are acceptable, since security measures are too expensive;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Management may decide not to do anything, even if the costs of security measures do not exceed the costs of potential damages;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Information security measures are generally repressive in nature.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Another type of strategy is Risk Neutral, in which security measures are taken so that:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The threat ceases to exist;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The resulting damage is minimized;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The security measures taken are a combination of preventive, investigative, and repressive measures.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">In the Risk Prevention strategy:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The security measures taken are of such an order that the threat is neutralized to a degree that prevents an incident from occurring. For example, the addition of new software that ensures that errors in the old software are no longer a threat;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The security measures taken are preventive in nature.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">According to the result of the risk assessment, the most appropriate strategy for the scenario is chosen for the appropriate treatment.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Treating_security_risks\"><\/span><span style=\"font-weight: 400;\">Treating security risks<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Before considering the treatment of a risk, the organization needs to define the criteria for determining whether risks can be accepted or not.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Risks can be accepted if, for example, it is assessed that the risk is low or that the cost of treatment is not economically viable for the organization.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For each of the identified risks, following risk analysis\/assessment, a decision about the treatment of the risk needs to be made.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Possible options for treating the risk include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Applying appropriate controls to reduce the risks;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Knowing and objectively accepting the risks, knowing that they clearly meet the organization&#8217;s policy and risk acceptance criteria;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Avoiding risks, by not allowing actions that could cause risks to occur;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Transferring associated risks to other parties, such as insurers or suppliers.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">It is recommended that for those risks where the treatment decision is to apply appropriate controls, those controls be selected and implemented to meet the requirements identified by the risk analysis\/assessment.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The controls should ensure that risks are reduced to an acceptable level, taking into account:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">National and international legislation and regulation requirements and constraints;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Organizational objectives;<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Requirements and operational constraints;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Cost of implementation and operation in relation to the risks being reduced and that remain proportional to the organization&#8217;s constraints and requirements;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The need to balance investment in implementing and operating controls against the probability of damage resulting from information security failures.<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"So_is_this_Risk_Management\"><\/span><span style=\"font-weight: 400;\">So, is this Risk Management?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">When a threat manifests itself, it becomes an <a href=\"https:\/\/itsmhouse.com\/incident-and-problem-management\/\">incident<\/a>. For example, a hacker gaining access to a company&#8217;s network or a serious power failure threatening business continuity. It is when the threat materializes that a risk to the company arises.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The extent of the risk and its management determine which measures should be taken.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Therefore, Risk Management is the entire process of transforming a threat into a risk with the appropriate security measures in place.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important to note that risk management is a continuous process in which risks are identified, examined, and reduced to an acceptable level.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This process applies to all aspects of operational processes. In large organizations, the task of monitoring this process is carried out by an information security specialist.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Most of the measures taken by an organization&#8217;s information security department to neutralize the risk are a combination of preventive and repressive actions.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When measures are taken to avoid the risk, the threat is neutralized in such a way that it does not lead to an incident. To illustrate in practice how to eliminate an existing threat, just imagine upgrading an old software to a more updated and error-free one.<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Think_carefully_about_this_process\"><\/span><span style=\"font-weight: 400;\">Think carefully about this process!<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Regardless of the strategy adopted, the key is to make a conscious decision based on risk analysis and evaluation. It is also important that management be aligned with the company&#8217;s security objectives and policies, as well as with the requirements and constraints of national and international legislation and regulation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Risk Management is undoubtedly a very extensive and detailed subject. Each scenario requires a strategic adaptation. Therefore, an information security professional should always be contacted. But I hope that I have helped to clarify the perception of how to deal with the risks that haunt the protection of your data, information, and assets in general.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If this content was useful to you, share it with others! Good things are meant to be shared!<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We know that risks in IT infrastructures and cyber space are becoming more frequent and sophisticated. These are the consequences of technological progress optimized by digital transformation, which brings &#8211; along with benefits and possibilities &#8211; threats and vulnerabilities, true targets that hackers live to exploit! But what to do to manage these risks? What [&hellip;]<\/p>\n","protected":false},"author":85233,"featured_media":148119,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9435,9433],"tags":[10077,9548,9451,9528,9502,9503,9504,9452,10078,10079,10080,9493,9665],"class_list":["post-148118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iso-20000","category-tutorials","tag-incident","tag-it-management","tag-it-service-management-2","tag-it-services","tag-itil-2","tag-itil-4-2","tag-itil-v3-2","tag-itsm-2","tag-risk","tag-risk-itil","tag-risk-itsm","tag-risk-management","tag-service-management"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to manage risks? - PMG Academy<\/title>\n<meta name=\"description\" content=\"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to manage risks?\" \/>\n<meta property=\"og:description\" content=\"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\" \/>\n<meta property=\"og:site_name\" content=\"PMG Academy\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/PMG.Academy.Brasil\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/adriano.martinsantonio\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-01T18:56:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-16T17:47:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"678\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Adriano Martins Antonio\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adriano Martins Antonio\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\"},\"author\":{\"name\":\"Adriano Martins Antonio\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/person\/4ff5bc0806b04dd72d25d14a443360e7\"},\"headline\":\"How to manage risks?\",\"datePublished\":\"2023-03-01T18:56:32+00:00\",\"dateModified\":\"2025-12-16T17:47:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\"},\"wordCount\":1582,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg\",\"keywords\":[\"incident\",\"it management\",\"it service management\",\"it services\",\"itil\",\"itil 4\",\"itil v3\",\"itsm\",\"risk\",\"risk itil\",\"risk itsm\",\"risk management\",\"service management\"],\"articleSection\":[\"ISO 20000\",\"Tutorials\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\",\"url\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\",\"name\":\"How to manage risks? - PMG Academy\",\"isPartOf\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg\",\"datePublished\":\"2023-03-01T18:56:32+00:00\",\"dateModified\":\"2025-12-16T17:47:59+00:00\",\"description\":\"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.\",\"breadcrumb\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage\",\"url\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg\",\"contentUrl\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg\",\"width\":1024,\"height\":678},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Tutorials\",\"item\":\"https:\/\/sandbox2.institutopmg.com\/en\/tutorials\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ISO 20000\",\"item\":\"https:\/\/sandbox2.institutopmg.com\/en\/tutorials\/iso-20000\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to manage risks?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#website\",\"url\":\"https:\/\/sandbox2.institutopmg.com\/en\/\",\"name\":\"PMG Academy\",\"description\":\"Seu portal de estudos de ITSM, Cyber, EGIT e Projetos \u00c1geis\",\"publisher\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sandbox2.institutopmg.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#organization\",\"name\":\"PMG Academy\",\"url\":\"https:\/\/sandbox2.institutopmg.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2021\/02\/cropped-Asset-1@azul-1.png\",\"contentUrl\":\"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2021\/02\/cropped-Asset-1@azul-1.png\",\"width\":6964,\"height\":2938,\"caption\":\"PMG Academy\"},\"image\":{\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/PMG.Academy.Brasil\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/person\/4ff5bc0806b04dd72d25d14a443360e7\",\"name\":\"Adriano Martins Antonio\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png\",\"url\":\"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png\",\"contentUrl\":\"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png\",\"caption\":\"Adriano Martins Antonio\"},\"sameAs\":[\"https:\/\/www.facebook.com\/adriano.martinsantonio\"],\"url\":\"https:\/\/sandbox2.institutopmg.com\/en\/author\/adrianopmgacademy-coms\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to manage risks? - PMG Academy","description":"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/","og_locale":"en_US","og_type":"article","og_title":"How to manage risks?","og_description":"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.","og_url":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/","og_site_name":"PMG Academy","article_publisher":"https:\/\/www.facebook.com\/PMG.Academy.Brasil","article_author":"https:\/\/www.facebook.com\/adriano.martinsantonio","article_published_time":"2023-03-01T18:56:32+00:00","article_modified_time":"2025-12-16T17:47:59+00:00","og_image":[{"width":1024,"height":678,"url":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg","type":"image\/jpeg"}],"author":"Adriano Martins Antonio","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Adriano Martins Antonio","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#article","isPartOf":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/"},"author":{"name":"Adriano Martins Antonio","@id":"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/person\/4ff5bc0806b04dd72d25d14a443360e7"},"headline":"How to manage risks?","datePublished":"2023-03-01T18:56:32+00:00","dateModified":"2025-12-16T17:47:59+00:00","mainEntityOfPage":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/"},"wordCount":1582,"commentCount":0,"publisher":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/#organization"},"image":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage"},"thumbnailUrl":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg","keywords":["incident","it management","it service management","it services","itil","itil 4","itil v3","itsm","risk","risk itil","risk itsm","risk management","service management"],"articleSection":["ISO 20000","Tutorials"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/","url":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/","name":"How to manage risks? - PMG Academy","isPartOf":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage"},"image":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage"},"thumbnailUrl":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg","datePublished":"2023-03-01T18:56:32+00:00","dateModified":"2025-12-16T17:47:59+00:00","description":"Learn about the definition of risk, what risk analysis is, and how to assess risks in IT infrastructures and cyberspace.","breadcrumb":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#primaryimage","url":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg","contentUrl":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2025\/12\/Como-gerenciar-riscos_-1024x678-1.jpg","width":1024,"height":678},{"@type":"BreadcrumbList","@id":"https:\/\/sandbox2.institutopmg.com\/en\/how-to-manage-risks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Tutorials","item":"https:\/\/sandbox2.institutopmg.com\/en\/tutorials\/"},{"@type":"ListItem","position":2,"name":"ISO 20000","item":"https:\/\/sandbox2.institutopmg.com\/en\/tutorials\/iso-20000\/"},{"@type":"ListItem","position":3,"name":"How to manage risks?"}]},{"@type":"WebSite","@id":"https:\/\/sandbox2.institutopmg.com\/en\/#website","url":"https:\/\/sandbox2.institutopmg.com\/en\/","name":"PMG Academy","description":"Seu portal de estudos de ITSM, Cyber, EGIT e Projetos \u00c1geis","publisher":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sandbox2.institutopmg.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sandbox2.institutopmg.com\/en\/#organization","name":"PMG Academy","url":"https:\/\/sandbox2.institutopmg.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2021\/02\/cropped-Asset-1@azul-1.png","contentUrl":"https:\/\/sandbox2.institutopmg.com\/wp-content\/uploads\/2021\/02\/cropped-Asset-1@azul-1.png","width":6964,"height":2938,"caption":"PMG Academy"},"image":{"@id":"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/PMG.Academy.Brasil"]},{"@type":"Person","@id":"https:\/\/sandbox2.institutopmg.com\/en\/#\/schema\/person\/4ff5bc0806b04dd72d25d14a443360e7","name":"Adriano Martins Antonio","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png","url":"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png","contentUrl":"https:\/\/media.pmgacademy.com\/wp-content\/uploads\/2022\/07\/23180854\/Adriano-PNG-100x100.png","caption":"Adriano Martins Antonio"},"sameAs":["https:\/\/www.facebook.com\/adriano.martinsantonio"],"url":"https:\/\/sandbox2.institutopmg.com\/en\/author\/adrianopmgacademy-coms\/"}]}},"_links":{"self":[{"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/posts\/148118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/users\/85233"}],"replies":[{"embeddable":true,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/comments?post=148118"}],"version-history":[{"count":1,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/posts\/148118\/revisions"}],"predecessor-version":[{"id":149105,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/posts\/148118\/revisions\/149105"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/media\/148119"}],"wp:attachment":[{"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/media?parent=148118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/categories?post=148118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sandbox2.institutopmg.com\/en\/wp-json\/wp\/v2\/tags?post=148118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}