Risk treatment

In risk treatment, each individual risk is examined by its risk owner, who is the best person to classify the asset; the owner then decides what action is best to take to reduce the risk to the company. The risk is then included in the company's risk register so that it can be monitored. New risks should be recorded in the risk register immediately, and the register should be reviewed every six months, because risks change frequently as technology changes.

Residual risk is the amount of risk remaining after you mitigate the risk. Remember you cannot eliminate a risk totally.
  • Risk acceptance is evaluating the risk and then deciding not to take any action as you believe the probability of it happening is very low or the impact is ...
