Risk Management, as defined in the UVA Policy IRM-004: Information Security of University Technology Resources, is: the process to identify, control and manage the impact of potential harmful events, commensurate with the value of the protected assets. Risk management includes impact analysis, risk assessment, and continuity planning.