Definitions
Risk reduction (also called safeguard implementation) is the "decrease in risk through risk avoidance, risk control, or risk transfer."[1]
Risk reduction is "[t]he lessening of security risk exposure to an acceptable level. This requires the identification, analysis, selection, approval, and implementation of cost-effective AIS protective measures."[2]
Overview
Risk reduction may be estimated during both the decision and evaluation phases of the risk management cycle. It can be accomplished by reducing vulnerability and/or consequences (damages).[3]
References
1. DHS Risk Lexicon, at 32.
2. NASA Automated Information Security Handbook, App. C.
3. DHS Risk Lexicon, at 32.