Explanation should include the following:
- Unmanaged risk can cause loss.
- Every organization is vulnerable to common and unique types of threats.
- Organizations must identify vulnerable areas, along with the potential for actual threats, so they can plan operations to reduce the effects of those threats.
Because all threats cannot be completely eliminated, organizations must address responses to threats and plans for continuous business operations.