Definitions

Business

Mitigation is

(1) Carefully organized steps taken to reduce or eliminate the probability of a risk's occurring or the impact of a risk on a project. (2) Actions taken to eliminate or reduce risk by reducing the probability and or impact of occurrence.[1]

General

Mitigation is

[t]he application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.[2]

Malware

Mitigation is

the process of managing or controlling the effects associated with a bot. For example, if a system is infected with a spam bot, and is spewing unwanted commercial email, mitigation may consist of filtering the spam that is being emitted from that device.[3]

Military

Mitigation refers to

[a]ctions taken in response to a warning or after an incident occurs that are intended to lessen the potentially adverse effects on a given military operation or infrastructure.[4]

Remedies

See Mitigate damages.

Security

Mitigation is

[o]ngoing and sustained action to reduce the probability of or lessen the impact of an adverse incident. Includes solutions that contain or resolve risks through analysis of threat activity and vulnerability data, which provide timely and accurate responses to prevent attacks, reduce vulnerabilities, and fix systems.[5]

Overview

Mitigation measures may be implemented prior to, during, or after an incident. Mitigation measures are often informed by lessons learned from prior incidents. Mitigation involves ongoing actions that reduce exposure to, probability of, or potential loss from hazards. Mitigation can include efforts to educate governments, businesses, and the public on measures they can take to reduce loss and injury.

References

  1. California Office of Systems Integration, Definitions (full-text).
  2. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  3. U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs), at 23.
  4. Department of Defense, DoD Directive (DoDD) 3020.40, Glossary, at 19 (Jan. 14, 2010) (full-text).
  5. National Cyber Incident Response Plan, at M-2; see also National Infrastructure Protection Plan, at 110.
