Previously, I’ve talked about four primary risk treatment options: mitigate, avoid, accept, and transfer.
Over the history of the security industry, we’ve tended to focus on mitigation. Implementing controls is where the action is.
As IT has largely become a consumption model, I would argue that risk transfer is catching up with mitigation and becoming a primary approach for many companies. The new world of security is a more streamlined model that involves transferring many types of risk—and many of the associated controls—to third parties in a variety of ways.
Read the full article published February 7, 2018 here: https://www.securityweek.com/risky-business-part-3-beauty-risk-transfer by Security Week.