Tuesday, September 2, 2014
Chapter 2: IS Governance and Risk Management - Risk Handling
I was fairly familiar with the terms used in this portion of chapter two because I took a risk management class earlier in my college career. Basically, companies have various methods of handling risk available to them, such as avoidance, transfer, mitigation, and acceptance. Each method has various costs associated with it. Risk transfer is the safest, but it is improbable that every single risk needs to be transferred. Avoidance is the easiest to use in my opinion, but you cannot always avoid every single aspect of a risk. This is where mitigation comes into play. The company will introduce measures to reduce the risk. A firewall is a good example of mitigation. Acceptance merely means that the risk is simply dealt with and nothing is used to protect against it. If a risk is accepted, it is usually a small risk with not very many negative consequences associated with it. If the loss is not that big of a deal and the countermeasure is considerably more expensive than the loss, then this risk handling measure would be used.