Risk Management Framework (RMF) (NIST): The National Institute of Standards and Technology (NIST) framework for managing information security risks in federal agencies. It provides a systematic and repeatable process for identifying, evaluating, and mitigating risks to information systems and data. Examples of agencies using the RMF include the Department of Defense and the Department of Homeland Security.

Risk Management Metrics: Quantitative measures that are used to assess the effectiveness of risk management efforts across an organization. These metrics can include factors such as risk exposure, control effectiveness, incident frequency, and response times, aiding in evaluating how well risks are being managed.

Risk Map: A graphical representation of the risks that an organization faces, providing a visual depiction of their likelihood and the magnitude of their impact. It can help to prioritize risks based on their potential impact and probability of occurrence. Risk maps are often used as a tool for communicating risks within the organization, making it easier for all stakeholders to understand the risk landscape.

Risk mitigation: The process of taking actions to reduce the likelihood or impact of a risk. Mitigation strategies can range from preventive actions aimed at avoiding the risk to contingency plans prepared for dealing with the impact should the risk materialize. The goal of risk mitigation is to acceptably reduce the possibility and consequences of an adverse event.

Risk owner: An individual or entity that is responsible for managing a particular risk. This includes monitoring the risk, implementing controls to mitigate it, and taking appropriate action if the risk materializes. Assigning a risk owner ensures accountability and improves the effectiveness of risk management activities within an organization.

Risk portfolio view: A comprehensive and consolidated view of all the risks within an organization. It aids in understanding the collective impact of multiple risks on the organization's strategic objectives. This view allows organizations to manage interdependent risks holistically rather than treating each risk as an isolated entity, thereby improving decision-making related to risk management.