The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation
shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million.
Additionally, the business unit which depends on the critical business function has determined that there is a
high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full
system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional
compensating controls. Which of the following should the CIO recommend to the finance director to minimize
financial loss?
A.
The company should mitigate the risk.
B.
The company should transfer the risk.
C.
The company should avoid the risk.
D.
The company should accept the risk.