The aim of remediation is not to eliminate every conflict but to have them all under control.
For each identified risk, there are 4 possible solutions for remediation/mitigation.
REMEDIATION:
- Modify the user's authorizations/roles to remove the risk.
- Change the organization’s job roles and responsibilities matrix so that the user no longer requires the access.
MITIGATION:
- Remove the user's authorizations/roles and give the user periodic access to the risk-bearing function by provisioning a firefighter ID that will be appropriately monitored.
- Create and apply the appropriate mitigating or compensating control to the risk.