What is the primary goal of risk management in Module 2?

Risk management aims to protect assets by systematically uncovering threats, evaluating how likely they are and how severe their impact would be, and then applying controls to reduce that risk to an acceptable level. The best description of the primary goal is to identify, assess, and mitigate risks to assets. Eliminating all risk isn’t feasible in practice; some residual risk remains after controls are applied, and the purpose is to lower risk to an acceptable level. Increasing complexity of systems and maximizing downtime are not objectives of risk management—they can introduce more risk and reduce system availability. In Module 2, the process typically involves identifying risks, assessing them, prioritizing responses, implementing mitigations, and monitoring outcomes.