The choice a company makes for dealing with a specific risk.
The main Risk Strategies are:
Risk Avoidance.
Choosing to discontinue or not undertake an operation to avoid the risks involved. (e.g. closing or not opening a branch
in a dangerous location.)
Risk Mitigation or Risk Reduction.
Taking steps to reduce the probability or impact of a risk.
Risk Transfer.
Shifting the risk to another organization by taking out insurance, or sub-contracting an activity to another organziation.
Risk Acceptance. Recognizing the risk but choosing not to take any
specific action to control or reduce it. Self-insurance, where a company chooses
to pay for losses itself rather than take out insurance, is a form of risk
acceptance.
You are welcome to use these definitions for any purpose provided that an acknowledgement is made
to www.RiskyThinking.com and (if you're using HTML) you provide a link back to this site.
If you are an industry professional, consider subscribing to the free
Risky Thinking Newsletter for articles, insights,
and commentary on risk, business continuity, and security. It's low volume: we don't send
out the newsletter unless there is something interesting to say!