Remediation vs. Mitigation 2.0

The aim of Remediation is not to suppress all the conflicts but to have them all under control.

For each identified risk, there are 4 possible solutions for remediation/mitigation.

REMEDIATION:

  • Modify user authorizations/roles to remove risk.
  • Change the organization’s job roles and responsibilities matrix so that the user no longer requires the access.

MITIGATION:

  • Remove user authorizations/roles and give user periodic access to risk by provisioning a firefighter ID that will be appropriately monitored.
  • Create and apply the appropriate mitigating or compensating control to the risk.
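
The four options can be tracked per user and per risk. The sketch below is an added example, not part of the original post or of any GRC product: it detects segregation-of-duties conflicts and reports whether each one is open, mitigated by a control, or reachable only through a firefighter ID. All risk IDs, roles, users and control names are constructed.

```python
# All risk IDs, roles, users and control names here are constructed for illustration.
SOD_RULES = {  # risk ID -> two functions one user must not hold together
    "R01": ("maintain_vendor", "post_payment"),
    "R02": ("create_po", "post_goods_receipt"),
}
ROLE_FUNCTIONS = {
    "VENDOR_ADMIN": {"maintain_vendor"},
    "AP_CLERK": {"post_payment"},
    "BUYER": {"create_po"},
    "WAREHOUSE": {"post_goods_receipt"},
}

def conflicts(roles):
    """Risk IDs triggered when one user holds all of `roles`."""
    funcs = set().union(*(ROLE_FUNCTIONS[r] for r in roles))
    return sorted(r for r, (a, b) in SOD_RULES.items() if a in funcs and b in funcs)

def assess(users, controls, firefighter):
    """Map each (user, risk) to 'open', 'mitigated' or 'firefighter'."""
    report = {}
    for user, roles in users.items():
        standing = conflicts(roles)  # conflicts from permanently assigned roles
        # Roles held only via a monitored firefighter ID are not standing access.
        for risk in conflicts(roles | firefighter.get(user, set())):
            if risk not in standing:
                status = "firefighter"
            elif (user, risk) in controls:
                status = "mitigated"
            else:
                status = "open"
            report[(user, risk)] = status
    return report

def under_control(report):
    """True when every remaining conflict is mitigated or firefighter-only."""
    return "open" not in report.values()

USERS = {  # standing role assignments
    "alice": {"VENDOR_ADMIN", "AP_CLERK"},  # R01, untreated
    "bob": {"BUYER", "WAREHOUSE"},          # R02, compensating control applied
    "carol": {"BUYER"},                     # WAREHOUSE only via firefighter ID
}
CONTROLS = {("bob", "R02"): "monthly_goods_receipt_review"}
FIREFIGHTER = {"carol": {"WAREHOUSE"}}

before = assess(USERS, CONTROLS, FIREFIGHTER)
# Remediation: remove the role that causes alice's conflict.
after = assess({**USERS, "alice": {"AP_CLERK"}}, CONTROLS, FIREFIGHTER)
print(before, under_control(before))
print(after, under_control(after))
```

After the remediation step two conflicts still exist in the report, yet none is open, which is the sense in which all conflicts are under control rather than suppressed.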