A security incident happens three times a year on a company’s web server costing the company
$1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled
to be decommissioned in five years. The cost of implementing software to prevent this incident
would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST
cost-effective manner to deal with this risk?
A.
Avoid the risk
B.
Transfer the risk
C.
Accept the risk
D.
Mitigate the risk