Chapter 8 - Risk Evaluation and Mitigation Strategies
Mitigate
Limit the exposure in some way (reduce the likelihood or decrease the sensitivity).
Risk Planning
Develops a plan to prioritize, implement, and maintain controls.
Items to document
1. Action (avoid, accept, mitigate, transfer)
2. Mitigation/Remediation Plan (dates, owners)
3. Status (draft, review, pending, approval, expired, not active)
4. Risk Description
5. Risk Rating
6. Risk Exception Details
General Categories of Risk Mitigation
1. Risk Alleviation
2. Risk Limitation
3. Risk Planning
Options for Addressing Risk
Avoid, Accept, Mitigate, Transfer
Avoid
Ceasing all activity that is presenting the risk
Risk Alleviation
Implements controls to prevent the threat/vulnerability
Risk Limitation
Limits the likelihood or effects with controls
Accept
Making the formal decision not to do anything and accept the risk as it is
Risk Evaluation
Prioritizing which risks need to be addressed and how.
Transfer
Purchasing insurance to cover a breach
Residual Risk
Remaining risk exposure level after implementing the recommended controls.