According to the ISACA CISA Review Manual Risk Management is the process of identifying vulnerabilities and threats to the information resources ..., Maureen Cutajar