Risk avoidance

Definitions[]

Risk avoidance is

“

[a] security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities.^[1]

”

“

[a] risk-handling option that eliminates risk by eliminating or modifying the concept, requirements, specifications, or practices that create the unacceptable risk.^[2]

”

“

restructuring business processes or information systems, or ending activities to eliminate potential exposure.^[3]

”

“

[r]isk response where action is taken to stop the operational process, or the part of the operational process causing the risk.^[4]

”

Risk avoidance refers to "strategies or measures taken that effectively remove exposure to a risk."^[5]

Overview[]

"Risk avoidance is one of a set of four commonly used risk management strategies, along with risk control, risk acceptance, and risk transfer."^[6]

References[]

↑ OPSEC Glossary of Terms.
↑ Department of Defense, Glossary of Defense Acquisition Acronyms and Terms (14th ed. July 2011) (full-text).
↑ Electricity Subsector Cybersecurity Risk Management Process, App. G, at 84.
↑ Playbook: Enterprise Risk Management for the U.S. Federal Government, at 103.
↑ DHS Risk Lexicon, at 28.
↑ Id.

[1] OPSEC Glossary of Terms.

[2] Department of Defense, Glossary of Defense Acquisition Acronyms and Terms (14th ed. July 2011) (full-text).

[3] Electricity Subsector Cybersecurity Risk Management Process, App. G, at 84.

[4] Playbook: Enterprise Risk Management for the U.S. Federal Government, at 103.

[5] DHS Risk Lexicon, at 28.

[6] Id.

[1]

[2]

[3]

[4]

[5]

[6]