2023 IT Examiner School

Risk Mitigation: Controls

• Risk response is achieved using Controls. • Administrative, Technical, Physical • Safeguard: Deterrents or Preventives • Countermeasures: Detective or Correctives

• Controls must have specific objectives associated with them.

• Controls must be measurable.

Risk Mitigation & Response

• Risk Assessment will dictate the appropriate risk response. • Reduce • Accept • Transfer • Avoidance • Rejection (not appropriate)