Glossary

Mitigation

Mitigation is the term for the various methods and techniques that security experts and others can use to minimize the risk of IT failure, data theft, and other activities that compromise data, systems, and applications.

Terms related to Mitigation: Corrective Actions, IT Threat Mitigation, Risk Management.

IT threat mitigation is used to reduce the risks and issues that can affect an organization's IT ecosystem and the data it holds. IT threats come in several different forms, including data loss, data theft, compromised systems, poorly implemented changes, human error, and more. Threats can arise in multiple areas, including physical hardware and infrastructure, software and apps, and data management.

There are three main approaches that IT can use to minimize threats.

Preventative IT Threat Mitigation
Stopping threats from occurring in the first place through techniques like multi-factor authentication, rigorous change controls, firewalls and antivirus, process automation, and more.

Detective IT Threat Mitigation
Using scanning and other techniques to identify and resolve potential threats before they are exploited. This might include vulnerability scanning and assessment, active monitoring, and penetration testing.

Corrective IT Threat Mitigation
Dealing with threats once they have been identified, whether they have been exploited or not. This might be through patching and maintenance, vulnerability resolution, root-cause fixes from problem management, or other types of security risk management.

Effective IT threat mitigation involves all of these approaches, which should be managed as part of a high-level IT risk management plan, and implemented by IT security teams and other stakeholders.
