Mitigation refers to implementing measures that reduce the impact of a threat or the likelihood of its occurrence. Establishing additional access controls to safeguard sensitive information makes it more difficult for unauthorized users to access this information, thus reducing the potential impact of a data breach. On the other hand, transferring the risk involves shifting the responsibility to another entity, such as through insurance. Avoiding the risk would mean completely eliminating the threat, which can be unrealistic for some risks. Accepting the risk would mean taking no further action to decrease its impact.