To mitigate the risks of application information loss and bring them to a more acceptable level (from high to low), apply practical data loss protection safeguards. To determine which tools are cost-effective, conduct a cost-benefit analysis to determine their return on investment (ROI).
The data loss protection safeguard options having the highest positive ROI should be considered. The options having a negative ROI are not cost-effective and therefore should not be considered. From this list, select data loss protection safeguards for implementation, such as mandating stronger passwords and data encryption.
If a new protective technology emerges for the same threat, resulting in data loss implementation costs that cost less, this step must be repeated to find out if the safeguard will result in a positive ROI. This may change the order of priority of all protective tools with respect to their ROI.