Risk Mitigation Details

Introduction

The Risk Mitigation page is where you define and plan your mitigation or solution to a given risk in SimpleRisk. The page provides fields for the who, what, when, and where of your mitigation plan. A mitigation will often be a process of researching, developing a plan, and executing that plan, all of which is tracked in the mitigation plan.

Page Breakdown

  1. Risk Scores - These are your Inherent and Residual Risk scores. As the mitigation percentage increases, the Residual Risk decreases proportionately. Whenever multiple mitigation percentages are present, only the highest one is used in the calculation.

  2. Mitigation Submission Date - This field will track the date the mitigation was submitted. This field does not update when the mitigation is edited or changed. 

  3. Planned Mitigation Date - This field is for storing the date you plan to execute your mitigation. 

  4. Planning Strategy - This field allows you to name your approach to mitigation. This field is modifiable via “Configure” at the top followed by “Add and Remove Values” on the left.

  5. Mitigation Effort - This field allows you to define the amount of effort your mitigation will require to put in place. This field is modifiable via “Configure” at the top followed by “Add and Remove Values” on the left.

  6. Mitigation Cost - This field allows you to assign a given range of cost for a particular mitigation. These ranges are pulled from the same ranges as Asset Valuation and can be edited from “Configure” at the top followed by “Asset Valuation” on the left.

  7. Mitigation Owner - This field allows you to set an owner of the mitigation. This field can be utilized by the Notification extra to notify only a mitigator for a particular action or report.

  8. Mitigation Team - This allows you to select and name a mitigating team responsible for the mitigation. This field helps to create a shared responsibility for mitigations and can help with better reporting on groups of risks.

  9. Mitigation Percent - This field defines what percentage of the risk is being mitigated by the current mitigation. It is one of two ways the residual risk can be lowered. Whenever both a mitigation percentage and a control mitigation percentage are present, only the higher of the two is calculated against the residual risk.

  10. Mitigation Control - This dropdown allows you to select one or more controls to mitigate the risk. If multiple selected controls have mitigation percentages, again only the highest one is used to calculate the residual risk. Once added, any selected control is displayed on the mitigation.

  11. Current Solution - This long text field allows you to outline the current solution for a given mitigation or how you are currently mitigating the risk. 

  12. Security Requirements - This field allows you to outline any security requirements necessary to bring the risk in line with tolerance. This may be as simple as enacting a control, process, or standard. This can also be used to describe requirements specific to the given risk that may be outside or beyond what a given mitigation control calls for.

  13. Security Recommendations - This field is for detailing controls that are not deemed requirements, but that could add additional layers of defense-in-depth for further risk mitigation.

  14. Supporting Documentation - This is yet another place where supporting documentation can be uploaded. This button is specific to the mitigation you are currently viewing; it uploads files and makes them available for download to anyone who has access to the mitigation.

  15. Cancel - This button allows you to cancel the current mitigation being entered or revert any changes if editing a previously defined mitigation.

  16. Save Mitigation - This button will save the information currently entered in the mitigation. 

  17. Comments - This section stores information that doesn’t otherwise fit in an already described field and provides a place for updates specific to this risk/mitigation.

  18. Audit Trail - The audit trail allows you to see all of the changes made to a given risk, who made them, and when they were done.


Summary

The Mitigation details page in SimpleRisk is where you store your effective solution to a given risk. This page should have answered all questions related to planning a mitigation, but if you feel anything has been missed or want further clarification, please reach out to us at support@simplerisk.com.