C.2.4 - Internal risk management and mitigation

Internal risk management and mitigation involves all activities relating to the processes of analyzing exposure to risk and determining appropriate counter-measures. Note that risks to information and information systems associated with internal risk management and mitigation activities may inherently affect the resistance to compromise/damage and recovery from damage with respect to a broad range of critical infrastructures and key national assets.

Information types

Code Name Impact levels
Confidentiality Integrity Availability
C.2.4.1 Contingency planning Moderate Moderate Moderate
C.2.4.2 Continuity of operations Moderate Moderate Moderate
C.2.4.3 Service recovery Low Low Low