Turning a Risk Assessment into a Risk Mitigation Plan
Once the risk assessment has been completed and approved, the next step is to create a risk mitigation plan. This plan will implement the approved countermeasures. If much time has passed since the risk assessment was completed, the findings should be checked to ensure they are still valid. For example, some threats or vulnerabilities may have disappeared.
A significant part of the risk mitigation plan is the identification of costs. Ideally, the risk assessment will already have identified the costs, but some hidden costs may have been overlooked. If additional costs are discovered, the cost-benefit analysis will need to be recalculated. Lastly, it's important to follow up on the risk mitigation plan, which includes ensuring that all the approved countermeasures are implemented and that they mitigate the risks as expected.
This chapter covers the following topics and concepts:
When you complete this chapter, you will be able to: