You are working in an enterprise. Your project deals with important files that are stored on the
computer. You have identified the risk of the failure of operations. To address this risk of failure,
you have guided the system administrator to sign off on the daily backup. This scenario is an
example of which of the following?
A. Risk avoidance
B. Risk transference
C. Risk acceptance
D. Risk mitigation
Explanation:
Mitigation is the strategy that provides for the definition and implementation of controls to address
the risk described. In this scenario, you are trying to reduce the risk of operation failure by
guiding the administrator to take a daily backup; hence it is risk mitigation.
Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable
level. Risk mitigation can utilize various forms of control carefully integrated together. The main
control types are:
Managerial (e.g., policies)
Technical (e.g., tools such as firewalls and intrusion detection systems)
Operational (e.g., procedures, separation of duties)
Preparedness activities
Answer B is incorrect. The scenario does not describe the sharing of risk. Transference is the
strategy that provides for sharing risk with partners or taking insurance coverage.
Answer A is incorrect. The scenario does not describe risk avoidance. Avoidance is a strategy
that provides for not implementing certain activities or processes that would incur risk.
Answer C is incorrect. The scenario does not describe risk acceptance. Acceptance is a strategy
that provides for formal acknowledgement of the existence of a risk and the monitoring of that risk.