The IT Law Wiki

Risk reduction


Definitions

Risk reduction (also called safeguard implementation) is the "decrease in risk through risk avoidance, risk control, or risk transfer."[1]

Risk reduction is "[t]he lessening of security risk exposure to an acceptable level. This requires the identification, analysis, selection, approval, and implementation of cost-effective AIS protective measures."[2]

Overview

Risk reduction may be estimated during both the decision and evaluation phases of the risk management cycle. It can be accomplished by reducing vulnerability and/or consequences (damages).[3]

References

  1. DHS Risk Lexicon, at 32.
  2. NASA Automated Information Security Handbook, App. C.
  3. DHS Risk Lexicon, at 32.
