C.2.4 - Internal risk management and mitigation
Internal risk management and mitigation involves all activities relating to the processes of analyzing exposure to risk and determining appropriate counter-measures. Note that risks to information and information systems associated with internal risk management and mitigation activities may inherently affect the resistance to compromise/damage and recovery from damage with respect to a broad range of critical infrastructures and key national assets.
Information types
| Code | Name | Impact levels | ||
|---|---|---|---|---|
| Confidentiality | Integrity | Availability | ||
| C.2.4.1 | Contingency planning | Moderate | Moderate | Moderate |
| C.2.4.2 | Continuity of operations | Moderate | Moderate | Moderate |
| C.2.4.3 | Service recovery | Low | Low | Low |