Chapter 11. Turning Your Risk Assessment into a Risk Mitigation Plan
ONCE THE RISK ASSESSMENT IS COMPLETE and approved, the next step is to create a risk mitigation plan. This plan will implement the approved countermeasures. If much time has passed since the risk assessment was completed, you may have to check some of the findings to ensure they are still valid. For example, some threats or vulnerabilities may have disappeared.
A significant part of the risk mitigation plan is the identification of costs. Ideally, the risk assessment will already have identified the costs, but some hidden costs may have been overlooked. If you discover additional costs, you'll need to recalculate the cost-benefit analysis. Lastly, it's important to follow up on ...
Get Managing Risk in Information Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.