The CISSP study guide lists the following risk responses in Domain 1 (§1.9.3):

- Reduce or mitigate – implementation of safeguards and countermeasures to eliminate vulnerabilities or block threats
- Assign or transfer – placement of the cost of loss onto another entity; insurance and outsourcing are common forms
- Accept – analysis shows that the cost of countermeasures would outweigh the possible cost of loss, and management has formally agreed to accept the consequences
- Deter – implementing deterrents to would-be violators of security and policy
- Avoid – selecting alternate options or activities that have less associated risk
- Reject or ignore – denying that a risk exists or hoping it will never be realised; not a valid response and therefore unacceptable

PMP Concepts ([source](https://www.pmlearningsolutions.com/blog/announcement-ppm-launching-pmp-concept-learning-series)) lists "three proactive approaches to handling a negative risk":

* Avoid – eliminate the risk
* Transfer – shift the impact to a 3rd party
* Mitigate – decrease the probability or impact

See also [Examples of Risk Avoidance](Information%20Security/Examples%20of%20Risk%20Avoidance.md).