Risk Response



In risk avoidance, an organization takes steps to ensure that risk has been completely eliminated, or reduced to zero, by terminating the process, activity, or application that is the source of the risk.


In risk transference, the organization moves the responsibility for managing risk to another organization, such as an insurance company, cloud service provider, or other outsourcing provider.


In risk mitigation, the organization implements controls and countermeasures to reduce the likelihood and impact of risk, with the goal of reducing the potential effects so that they are below the organization's risk threshold.


In risk acceptance, after the organization identifies and analyzes a risk, it determines that the risk is within acceptable limits, so no additional action is required.