Читать книгу You CAN Stop Stupid - Ira Winkler - Страница 59

When you consider countermeasures, you must consider that the goal of countermeasures is not always to stop an attack. There is a widely accepted risk management paradigm known as accept, avoid, mitigate, and transfer.

Accepting risk implies that you acknowledge the risk exists but consciously choose not to take further action on the risk. This is appropriate, for example, when a risk involves an inconsequential loss or has a low probability of occurring.

Avoiding risk implies that as opposed to directly addressing the risk, you find a way to make it a moot issue. For example, a company might decide that it is not worth doing business within a specific region.

Mitigating risk means that you implement specific countermeasures to address a risk.

Transferring risk implies that you will not mitigate the risk directly, but you acknowledge it occurs and choose to transfer liability. This is the primary purpose of insurance, where you choose to be financially compensated, if a loss is realized, as opposed to proactively stopping the loss.

As you examine a potential risk, you need to consider how you want to manage that risk. There are many factors that are unique to your organization, and you must determine which method of addressing risk is best for your circumstances.