Which of the following is the MOST effective way to treat a risk such as a natural disaster that has
a low probability and a high impact level?
A.
Implement countermeasures.
B.
Eliminate the risk.
C.
Transfer the risk.
D.
Accept the risk.
Explanation:
Risks are typically transferred to insurance companies when the probability of an incident is low
but the impact is high. Examples include: hurricanes, tornados and earthquakes. Implementing
countermeasures may not be the most cost-effective approach to security management.
Eliminating the risk may not be possible. Accepting the risk would leave the organization
vulnerable to a catastrophic disaster which may cripple or ruin the organization. It would be more
cost effective to pay recurring insurance costs than to be affected by a disaster from which the
organization cannot financially recover.