CHAPTER 6: RISK MITIGATION STRATEGY

Armed with an understanding of the risks and recommended controls, senior management will want to know when and how to take action; this comes down to prioritising the threats and assembling an arsenal of control weapons to make it harder for risk sources to attack a vulnerability. Some risks, where loss is too great to contemplate, require immediate remedial action, while others require turning existing measures up a notch, or ensuring existing policies are being followed.

Directors can protect their assets and themselves by choosing strong and relevant security controls for their information systems, and the first stop involves baseline controls. Baseline controls are the initial security controls recommended ...

Get Managing Information Risk: A Director's Guide now with O’Reilly online learning.