Following Up on the Risk Mitigation Plan

An important part of management is follow-up to ensure that plans are implemented as expected, and the risk management plan is no exception. When following up on risk mitigation plans, the following two elements should be included:

  • Ensuring countermeasures have been implemented
  • Ensuring security gaps have been closed

Ensuring Countermeasures Have Been Implemented

The primary tool used to ensure countermeasures are implemented is the POAM (plan of action and milestones). The POAM is created with the risk assessment, but it is a living document that managers update regularly. As the risk assessment transforms into a risk mitigation plan, the POAM document expands.

The POAM includes all the approved countermeasures and their ...

Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
