Your
company is covered under a liability insurance policy, which provides various liability coverage for
information security risks, including any physical damage of assets, hacking attacks, etc. Which of the
following risk management techniques is your company using?
A.
Risk acceptance
B.
Risk avoidance
C.
Risk transfer
D.
Risk mitigation
Explanation:
Risk transfer is the practice of passing risk from one entity to another entity. In other
words, if a company is covered under a liability insurance
policy providing various liability coverage for information security risks, including any physical
damage of assets, hacking attacks, etc., it means
it has transferred its security risks to the insurance company.Answer option B is incorrect. Risk avoidance is the practice of not performing an activity that could
carry risk. Avoidance may seem the answer
to all risks, but avoiding risks also means losing out on the potential gain that accepting (retaining)
the risk may have allowed.
Answer option D is incorrect. Risk mitigation is the practice of reducing the severity of the loss or
the likelihood of the loss from occurring.
Answer option A is incorrect. Risk acceptance is the practice of accepting certain risk(s), typically
based on a business decision that may also
weigh the cost versus the benefit of dealing with the risk in another way.