An organization has decided to implement additional security controls to treat the risks of a new
process. This is an example of:
A.
eliminating the risk.
B.
transferring the risk.
C.
mitigating the risk.
D.
accepting the risk.
Explanation:
Risk can never be eliminated entirely. Transferring the risk gives it away such as buying insurance
so the insurance company can take the risk. Implementing additional controls is an example of
mitigating risk. Doing nothing to mitigate the risk would be an example of accepting risk.