Risk treatment involves deciding on strategies and controls to deal with cyber-risks, and starts with identification of treatments for selected risks. After identifying treatments we assess their effect and consider whether the residual risk is acceptable. If it is, the documentation is finalized and the process terminates, otherwise we need to go back and do another iteration of the treatment identification. This chapter concludes the running example by demonstrating the risk treatment step based on the risk evaluation results from Chap. 9.
CITATION STYLE
Refsdal, A., Solhaug, B., & Stølen, K. (2015). Risk treatment. In SpringerBriefs in Computer Science (Vol. 0, pp. 97–103). Springer. https://doi.org/10.1007/978-3-319-23570-7_10
Mendeley helps you to discover research relevant for your work.