How do preventive and mitigative controls complement each other?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Risk Management Temple Exam 2. Study with interactive quizzes, flashcards, and detailed explanations for each question. Boost your readiness and confidence for the exam!

Multiple Choice

How do preventive and mitigative controls complement each other?

Explanation:
Preventive and mitigative controls work together to reduce risk by addressing both the chance that something will go wrong and the impact if it does. Preventive controls aim to stop events from occurring in the first place, lowering the likelihood. Examples include strong access controls, input validation, and proper separation of duties. Mitigative controls are activated when prevention fails or is insufficient, and they limit the damage or reduce the likelihood of continued loss—think backups, disaster recovery plans, incident response, and insurance. Since risk is a function of both probability and impact, combining these controls lowers overall risk more effectively than relying on one type alone. They create defense in depth: prevention reduces the probability of an incident, while mitigation minimizes consequences and speeds recovery if an incident happens. They’re not replacements for each other, and there isn’t a universal rule that one always outweighs the other; the best approach uses both to achieve a lower residual risk.

Preventive and mitigative controls work together to reduce risk by addressing both the chance that something will go wrong and the impact if it does. Preventive controls aim to stop events from occurring in the first place, lowering the likelihood. Examples include strong access controls, input validation, and proper separation of duties. Mitigative controls are activated when prevention fails or is insufficient, and they limit the damage or reduce the likelihood of continued loss—think backups, disaster recovery plans, incident response, and insurance.

Since risk is a function of both probability and impact, combining these controls lowers overall risk more effectively than relying on one type alone. They create defense in depth: prevention reduces the probability of an incident, while mitigation minimizes consequences and speeds recovery if an incident happens. They’re not replacements for each other, and there isn’t a universal rule that one always outweighs the other; the best approach uses both to achieve a lower residual risk.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy