Definition: a process of measuring or assessing the vulnerability to hazards, threats, or dangers, and subsequent development of strategies to minimize the overall levels of each. Extended Definition: process includes identification, analysis, mitigation plan development, testing, evaluation of safeguards, security review, and monitoring. Annotation: Risk management primarily strives to reduce or eliminate risk through mitigative measures (avoiding the risk or reducing the negative effect of the risk), but also includes the concepts of acceptance and/or transfer of responsibility for the risk as appropriate. Risk management principles acknowledge that, while risk often cannot be eliminated, actions can usually be taken to reduce risk. Example: Risk management framework establishes the process for combining consequence, vulnerability, and threat information to produce a comprehensive, systematic, and rational assessment of risk that drives risk reduction activities. (DHS, Lexicon, 19Oct07, 23-24)