The IT Law Wiki

Risk treatment

32,079pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Risk treatment

can involve: (i) avoiding the risk by deciding not to start or continue with the activity that gave rise to the risk; (ii) taking or increasing risk in order to pursue an opportunity; (iii) removing the risk source; (iv) changing the likelihood; (v) changing the consequences; (vi) sharing the risk with another party or parties (including contracts and risk financing); and (vii) retaining the risks by informed decision.[1]

Overview Edit

Risk treatments that deal with negative consequences are sometime referred to as risk mitigation, risk elimination, risk prevention, or risk reduction. Risk treatment can create new risks or modify existing risks.[2]

References Edit

  1. NIST Special Publication 800-160, at B-9.
  2. Id.

Also on Fandom

Random Wiki