Enterprise security has become a complex and expensive affair. Securing an enterprise requires thorough knowledge of information security, dedicated skills and continuous resolve. For many enterprises, the first step in security is conducting a risk assessment, then devising plans to reduce or evade the effects of specific risks.
Risks can be addressed in four ways:[1]
- Risk Avoidance. The costliest way to deal with a risk is to avoid it altogether.
- Risk Acceptance. If the cost of handling the risk is more than the risk itself, then nothing is done to address that risk.
- Risk Limitation. A combination of acceptance and avoidance: some actions are taken to reduce the risk, but the risk may not be completely eliminated.
- Risk Transfer. An intelligent way of handling the risk is to shift it to someone else. One example of risk transfer is obtaining cyber insurance from a third party.