Managing Information Security Risks: The OCTAVESM Approach

10.5. Create Risk Mitigation Plans

This activity marks a transition from the strategic view of risk to a more tactical, or operational, view. Rather than identifying long-term initiatives that result in organizational security improvement, you develop risk mitigation plans that directly reduce risks to your organization's critical assets. The focus shifts from the organization to critical assets.

Risk Mitigation Plans

Risk mitigation plans are intended to reduce the risks to critical assets. These plans tend to incorporate actions, or countermeasures, designed to overcome the threats to the assets. In some cases these mitigation actions can be directed toward reducing the impact on the organization, but most often you reduce the risk to a critical ...

Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Information Security Risks: The OCTAVESM Approach by Christopher Alberts, Audrey Dorofee

10.5. Create Risk Mitigation Plans

Risk Mitigation Plans

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly