The enterprise is addressing concerns about increased online skimming attacks by training the

software development team on secure software development practices. This is an example of risk

mitigation because it involves taking steps to reduce the likelihood or impact of the risk.

Risk Response Strategies Overview:

Risk Acceptance: Choosing to accept the risk without taking any action.

Risk Avoidance: Taking action to completely avoid the risk.

Risk Mitigation: Implementing measures to reduce the likelihood or impact of the risk.

Risk Transfer: Shifting the risk to another party (e.g., through insurance).

Explanation of Risk Mitigation:

Risk mitigation involves implementing controls and measures that will lessen the risk's likelihood or

impact.

Training the software development team on secure software development practices directly

addresses the potential vulnerabilities that could be exploited in online skimming attacks, thereby

reducing the risk.

Reference:

ISA 315 (Revised 2019), Anlage 6 discusses the importance of understanding and implementing IT

controls to mitigate risks associated with IT systems​​.