O'Reilly logo

Information Risk Management: A practitioner’s guide by Sutton, David

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

7 RISK TREATMENT

Now we have completed the risk assessment process, it is time to begin to consider how to deal with the risks we have identified. The actions we take to treat risk are referred to as controls.

A control is any measure or action that modifies risk. Controls include any policy, procedure, practice, process, technology and technique, method or device that modifies or manages risk. Risk treatments either become controls, or modify existing controls, once they have been implemented.

Controls are the tools we use to take a level of inherent risk and modify it to a level that falls within the organisation’s risk appetite, at which point the organisation is willing to accept the residual risk.

This chapter begins by taking an overview ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required