Mitigation occurs when assessing risk. When assessing risk there are many ways to work with the risks that are found in an organization. Risk mitigation is broken down into four techniques or strategies.
- Accept: which is to accept the given risk and deal with the consequences that the risk presents.
- Avoid: which is to avoid the risk altogether; an example would be having a business step away from related business activities that cause the risk.
- Transfer, which is to transfer the risk to another entity, such as having car insurance; if an incident arises, the insurance is there to lessen the monetary blow.
- Reduce, which is to reduce the amount of risk through having either physical or digital controls; an example is having a firewall in place to reduce the likelihood of a breach.
To learn more about this topic, watch this short video: