Skip to content
Skip to main content

About this free course

Download this course

Share this free course

Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.2 Risk management in practice

Photograph of three people sky diving.
Figure 10

Having analysed the situation, the next stage is to decide what to do about the risks.

For each risk to be managed, we need to identify what cost-effective countermeasures can be applied. Possible countermeasures are:

  • Avoiding the risk – avoidance would mean stopping the activity that is causing the risk. For example, deleting all banking information and unsubscribing from internet banking would avoid the risks associated with the information assets related to banking.
  • Modifying the risk (likelihood and/or impact) – this involves choosing and implementing a security mechanism that reduces the likelihood of a successful attack, or the impact that would result from such an attack. For example, installing an up to date antivirus application can prevent the attacker from using malware to gain access to the computer holding the internet banking information.
  • Transferring the risk to others – typically involves taking out insurance to cover any losses in the event the threat materialises.
  • Accepting the risk – would mean choosing not to implement any of these countermeasures, choosing instead to monitor the information asset for any attacks.

Consider risks identified in the qualitative risk analysis. Choose one of your information assets and decide on which countermeasures you would apply in this case.