The IT Law Wiki



Risk avoidance is

[a] security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities.[1]
[a] risk-handling option that eliminates risk by eliminating or modifying the concept, requirements, specifications, or practices that create the unacceptable risk.[2]
restructuring business processes or information systems, or ending activities to eliminate potential exposure.[3]
[r]isk response where action is taken to stop the operational process, or the part of the operational process causing the risk.[4]

Risk avoidance refers to "strategies or measures taken that effectively remove exposure to a risk."[5]


"Risk avoidance is one of a set of four commonly used risk management strategies, along with risk control, risk acceptance, and risk transfer."[6]