2023 IT Examiner School
Internal Use Only
Risk Assessment: Risk Response
Risk Mitigation is Not Risk Elimination!
• Impossible to eliminate threats 100%
• Risk response is to reduce the impact or consequence of the vulnerability
• Exposure is in line with Risk Appetite
• Board is aware of and agrees to the outcomes
You need a process to ensure that you are implementing countermeasures that actually limit risk.