ABSTRACT

This chapter discusses the selection of safeguards, the compiling of safeguard solution sets, the justification of safeguard implementation, and the security risk parameters that govern whether safeguard recommendations are accepted. Security risk mitigation is best described as the selection of appropriate security safeguards through a purposeful process. There are many approaches to selecting appropriate safeguards; the security risk assessment team, or the security risk assessment method it employs, may have its own approach that the team is comfortable and experienced in using. Four methods are offered as examples of those used in the industry: missing control leads to safeguard selection; people, process, technology; the “nine-cell”; and available technology. Applying several safeguards to address a single vulnerability, or a closely related set of vulnerabilities, is an implementation of the design principle of defense in depth.