Which is defined as a practice, procedure or mechanism that reduces risk?

Prepare for the ISACA IT Risk Fundamentals Test.

Multiple Choice

Which is defined as a practice, procedure or mechanism that reduces risk?

In risk management, a safeguard is a control designed to reduce risk by lowering either the chance a threat will succeed or the impact if it does. It’s a practical measure put in place to protect assets, data, and processes. Examples include technical controls like encryption or access management, physical measures like locks and cameras, and administrative actions like policies and training. This specific nature—being a concrete control or mechanism that reduces exposure—fits the definition perfectly.

Risk mitigation refers to the broader set of activities aimed at decreasing risk, which can include safeguards but isn’t itself the concrete mechanism. Risk response covers the overall actions taken after risk is identified, including mitigation, acceptance, transfer, or avoidance. Risk transfer shifts the risk to another party (for example, via insurance) and doesn’t reduce the risk itself.
