Answer: Risk reduction is an option where you take action to reduce the probability of an incident occurring (for example, by installing antivirus software you minimize the chances of a computer being infected) and/or the impact of an incident if it happens (e.g., by using backup, if for any reason you lose a file, the backup can be restored and part or all of the information recovered).
Risk sharing is an option when you decide either to transfer the operational management of the risk to a third party, or to buy insurance to minimize financial losses if an incident occurs. You should note that in the case of risk sharing, the final responsibility for the risk still remains with the organization.
This article will provide you with further explanation about risk treatment options:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
These materials will also help you regarding risk treatment options:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
Apr 11, 2017