7 RISK TREATMENT
Now we have completed the risk assessment process, it is time to begin to consider how to deal with the risks we have identified. The actions we take to treat risk are referred to as controls.
A control is any measure or action that modifies risk. Controls include any policy, procedure, practice, process, technology, technique, method or device that modifies or manages risk. Risk treatments either become controls or modify existing controls once they have been implemented.
However, some controls may monitor risks without actually modifying them in order to ensure predictability of the process. Actual risk modification then only occurs if the monitoring activity detects results that deviate from those expected.
Controls are ...
Get Information Risk Management, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
