The IT Law Wiki

Definitions

Risk reduction (also called safeguard implementation) is the "decrease in risk through risk avoidance, risk control, or risk transfer."[1]

Risk reduction is

[t]he lessening of security risk exposure to an acceptable level. This requires the identification, analysis, selection, approval, and implementation of cost-effective AIS protective measures.[2]

Overview

Risk reduction may be estimated during both the decision and evaluation phases of the risk management cycle. It can be accomplished by reducing vulnerability and/or consequences (damages).[3]

References