The IT Law Wiki

Risk reduction

Definitions

Risk reduction (also called safeguard implementation) is the "decrease in risk through risk avoidance, risk control, or risk transfer."[1]

Risk reduction is

[t]he lessening of security risk exposure to an acceptable level. This requires the identification, analysis, selection, approval, and implementation of cost-effective AIS protective measures.[2]

Overview

Risk reduction may be estimated during both the decision and evaluation phases of the risk management cycle. It can be accomplished by reducing vulnerability and/or consequences (damages).[3]

References

  1. DHS Risk Lexicon, at 32.
  2. NASA Automated Information Security Handbook, App. C.
  3. DHS Risk Lexicon, at 32.
