Definitions
Risk avoidance is
- "[a] security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities."[1]
- "[a] risk-handling option that eliminates risk by eliminating or modifying the concept, requirements, specifications, or practices that create the unacceptable risk."[2]
- "restructuring business processes or information systems, or ending activities to eliminate potential exposure."[3]
- "[r]isk response where action is taken to stop the operational process, or the part of the operational process causing the risk."[4]
Risk avoidance refers to "strategies or measures taken that effectively remove exposure to a risk."[5]
Overview
"Risk avoidance is one of a set of four commonly used risk management strategies, along with risk control, risk acceptance, and risk transfer."[6]
References
1. OPSEC Glossary of Terms.
2. Department of Defense, Glossary of Defense Acquisition Acronyms and Terms (14th ed. July 2011).
3. Electricity Subsector Cybersecurity Risk Management Process, App. G, at 84.
4. Playbook: Enterprise Risk Management for the U.S. Federal Government, at 103.
5. DHS Risk Lexicon, at 28.
6. Id.