Risk Management Strategy: Risk Mitigation Strategies

Mitigation is the most commonly considered risk management strategy. In this step, all risks that have been judged unacceptable are mitigated. The goal, however, is to arrive at mitigation strategies that not only reduce the risk but are also cost-effective.

Mitigation Strategies
Risk mitigation options can include:
• Avoiding risks;
• Reducing the risks by applying appropriate controls;
• Knowingly and objectively accepting risks; and
• Transferring or sharing the risks to other parties, e.g., insurers or suppliers.

Factors to consider for reducing (mitigating) the risks (Berg, 2010):
• Can the likelihood of the risk occurring be reduced? (through preventative maintenance, or quality
In this final step, it would be beneficial for board members and senior management to consolidate the impact and likelihood associated with each risk, showing the residual risk that remains after the risk management strategy has been implemented (Elky, 2006). The next section focuses on risk management methods and frameworks.

There are many risk management best practices and standards specifically for assessing risks in IT Security. The following are some of the most comprehensive approaches to risk management.

The National Institute of Standards and Technology Risk Management Framework was developed for managing risks in IT systems.
This framework is extremely comprehensive and consists of the following steps:
• Step 1 - System Characterization;
• Step 2 - Threat Identification;
• Step 3 - Vulnerability Identification;
• Step 4 - Control Analysis;
• Step 5 - Likelihood Determination;
• Step 6 - Impact Analysis;
• Step 7 - Risk Determination;
• Step 8 - Control Recommendations; and
• Step 9 - Results Documentation.
ISACA develops international Information Systems (IS) audit and control standards. The Risk IT framework covers all IT-related risks, including:
• Late project delivery;
• Not achieving enough value from IT;
• Compliance;
• Misalignment;
• Obsolete or inflexible IT architecture; and
• IT service delivery problems.

Risk IT extends existing frameworks developed by ISACA, namely COBIT and Val IT. The next section briefly discusses COBIT as a best practice.

COBIT (Control Objectives for Information and Related Technology), a best practice developed by ISACA, is a widely used guideline all over the world.
COBIT is structured in four domains, with 34 high-level processes and supporting Control Objectives. The ninth control objective of the Planning and Organizing (PO) domain addressed Risk Assessment, under the following items:
• Business Risk Assessment;
• Risk Assessment Approach;
• Risk Identification;
• Risk
