Enterprise security has become a complex and expensive affair. Securing an enterprise requires thorough knowledge of information security, dedicated skills and continuous resolve.  For many enterprises, the first step in security is conducting a risk assessment, then devising plans to reduce or evade the effects of specific risks.
Risks can be addressed in four ways:[1]

• Risk Avoidance. The costliest way to deal with a risk is to avoid it altogether. 
• Risk Acceptance. If the cost of handling the risk is more than the risk itself, then nothing is done to address that risk.
• Risk Limitation. A combination of acceptance and avoidance, some actions are taken to reduce the risk, but the risk may not be completely eliminated.
• Risk Transfer. An intelligent way of handling the risk is to shift it to someone else. One example of risk transfer is obtaining cyber insurance from a third party.

Read More