2.2 Carry out appropriate risk mitigation strategies
Once a thorough risk assessment has been performed, mitigation, avoidance, assignment, or acceptance solutions need to be selected and implemented. This section discusses several aspects of carrying out appropriate risk mitigation strategies.
Implement security controls based on risk
For most organizations, there is not an unlimited budget, especially in the area of security. Thus, prioritizing security dollars is important. Security controls should be implemented based on risk. Once the calculation of an ALE is made for each asset and threat, a priority order of need is established. The combination of asset and threat that produces the largest ALE is the most important security concern for ...