Qualitative Method-Based the Effective Risk Mitigation Method in the Risk Management

In the paper, we presented the method of safeguard selection for the effective risk mitigation using a qualitative method. We provided the suitable selection method of safeguard’s method/technique according to risk type, and performed cost-benefit analysis. In the selection of the safeguard method, we recommended the suitable method among risk avoidance, transference, prevention, threats reduction and impacts reduction, etc. according to risk type. After selecting the safeguard method, we chose the safeguard technique considering organization’s IT system capability such as IT system and network structure, functionality, exclusiveness and achievability of safeguard, etc. And then, we applied the safeguard technique to the safeguard method for implement effective security technology. We performed cost-benefit analysis with candidate safeguards, considering organization’s security budget. As performing this procedure, we can decide optimal safeguards with methods and techniques against risk’s types before implementing safeguards. We also can prevent redundant works and security budgets waste as analyzing the efficiency of existing safeguard. Lastly, we reflected the organization’s CEO opinions to require special safeguards for the specific information system related to their core business.