Chapter 17 l Risk 169 Risk Program Components Although the roles and programs will differ, risk programs have several common components: l l l l Risk analysis Risk assessment and risk rating Risk mitigation Risk reporting Each component is necessary for a successful program. Organizations such as ASIS International, standards organizations, and government agencies all offer many stan- dards and documents to help manage a risk program. The goal of this chapter is to provide an understanding of the methodology for risk programs and examples of the application of risk concepts. The security professional must then apply this understanding to the unique situations he or she will encounter. The outline of a program and its com- ponents, included here, represents an attempt to define as many general areas found in security risk programs as possible and is by no means meant to capture every example and nuance of risk review and/or mitigation strategy.