The CISSP study guide gives the following 'Risk responses' in Domain 1 (§1.9.3):
- Reduce or mitigate – implementation of safeguards and countermeasures to eliminate vulnerabilities or block threats
- Assign or transfer – placement of the cost of loss onto another entity; insurance and outsourcing are common forms
- Accept – analysis shows countermeasure costs would outweigh the possible cost of loss; also management has agreed to accept the consequences
- Deter – implementing deterrents to would-be violators of security and policy
- Avoid – selecting alternate options or activities that have less associated risk
- Reject or ignore – unacceptable
PMP Concepts (source) lists "three proactive approaches to handling a negative risk":
- Avoid – eliminate the risk
- Transfer – shift the impact to a 3rd party
- Mitigate – decrease the probability or impact
See also Examples of Risk Avoidance.