Chapter 6. Mitigating security risk
The best diplomat that I know is a fully-loaded phaser bank. — Lt. Cdr. Montgomery Scott
"A Taste of Armageddon," Star Trek, Stardate 3192.1
The decision to invoke a particular risk mitigation strategy for a unique threat is in part dependent on the answers to five questions:
1. What is the likelihood or potential for threat occurrence?
2. What is the vulnerability to loss assuming a threat does occur?
3. Do the consequences of a threat merit mitigation (i.e., what will be the impact of an occurrence)?
4. What methods of risk mitigation are available?
5. Can my company afford the required mitigation and/or are there less expensive options to manage the risk associated with a ...