Risk Mitigation Actions
Step 12 in the recommended risk assessment process is "Take risk mitigation actions". This page expands on that step.
Risk mitigation procedures: - under step 12
- Rank actions - Sort threats according to risk level determined in step 4 of the risk assessment process.
- Evaluate practical and most useful control options listed in step 6 of the risk assessment process. Determine the most cost effective control options by estimating cost of implementation vs reduction of risk.
- Determine the highest priority for control options to be added and select them for further action.
- Assign responsibility for the implementation of control options to specific individuals based on skill set and areas of responsibility. Identify required resources to implement the control options.
- Create a Program Plan/Project Charter to implement the identified control options listing required resources including staff members or teams required to implement the identified control options.
- Implement the control options while monitoring the systems to be sure the control options work as planned and do not interfere with the operation of the system. The control options should first be implemented in a test environment where possible and practical.