Risk understanding and mitigation

Skill Definition

Risk understanding and mitigation identifies and evaluates security risks to information, systems and processes owned by the organisation, and proactively provides appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. Principles of the skill include developing cyber and information security risk management strategies and controls, taking into account business needs and risk assessments, and balancing technical, physical, procedural and personnel controls.

Awareness

Describes the basic principles of risk understanding and mitigation

Supports security professionals in carrying out risk assessments and developing mitigation strategies

Follows documented principles and guidelines for risk understanding and mitigation

Working

Develops basic cost-effective risk management plans

Supports risk assessment and mitigation plan development

Follows documented principles and guidelines for risk understanding and mitigation

Relates risk to corporate governance, organisational strategic direction and planning

Practitioner

Develops complex and innovative risk management plans, enabling the organisation to deliver balanced and cost-effective risk management decisions based on advanced threat principles and concepts

Leads risk assessment and mitigation plan development

Ensures that risk is embedded into corporate governance processes and integrates risk management processes into appropriate business activities

Expert

Leads risk management within an organisation, enabling senior leadership to make effective risk-based business decisions

Leads on the provision of top-end risk understanding and mitigation advice

Integrates risk understanding and mitigation processes into appropriate business activities

Develops approaches to effectively report risks and delivers comprehensive risk assessments
