The IT Law Wiki

Definitions

Business

Mitigation is

(1) Carefully organized steps taken to reduce or eliminate the probability of a risk's occurring or the impact of a risk on a project. (2) Actions taken to eliminate or reduce risk by reducing the probability and/or impact of occurrence.[1]

General

Mitigation is

[t]he application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.[2]

Malware

Mitigation is

the process of managing or controlling the effects associated with a bot. For example, if a system is infected with a spam bot, and is spewing unwanted commercial email, mitigation may consist of filtering the spam that is being emitted from that device.[3]

Military

Mitigation refers to

[a]ctions taken in response to a warning or after an incident occurs that are intended to lessen the potentially adverse effects on a given military operation or infrastructure.[4]

Remedies

See Mitigate damages.

Security

Mitigation is

[o]ngoing and sustained action to reduce the probability of or lessen the impact of an adverse incident. Includes solutions that contain or resolve risks through analysis of threat activity and vulnerability data, which provide timely and accurate responses to prevent attacks, reduce vulnerabilities, and fix systems.[5]

Overview

Mitigation measures may be implemented prior to, during, or after an incident. Mitigation measures are often informed by lessons learned from prior incidents. Mitigation involves ongoing actions that reduce exposure to, probability of, or potential loss from hazards. Mitigation can include efforts to educate governments, businesses, and the public on measures they can take to reduce loss and injury.

References

  1. California Office of Systems Integration, Definitions (full-text).
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs), at 23.
  4. Department of Defense, DoD Directive (DoDD) 3020.40, Glossary, at 19 (Jan. 14, 2010) (full-text).
  5. National Cyber Incident Response Plan, at M-2; see also National Infrastructure Protection Plan, at 110.
