Overview

Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business. It involves taking steps to reduce the likelihood of a risk occurring, or its impact if it does occur.

Risk Treatment Options

  • Avoidance: Changing plans to eliminate the risk entirely.
  • Reduction (Mitigation): Implementing controls to lower the likelihood or impact (e.g., installing a firewall).
  • Transference: Shifting the risk to a third party (e.g., buying cyber insurance).
  • Acceptance: Acknowledging the risk and deciding not to take action (usually for low-impact risks).

Continuous Monitoring

Risk mitigation is not a one-time event; it requires ongoing monitoring to ensure that controls remain effective and that new risks are identified.
