nerdexam
Isaca

CDPSE · Question #392

An organization is considering whether to expand its operations into additional international jurisdictions. After performing a privacy risk assessment, the organization decides not to begin operating

The correct answer is A. Risk avoidance. CDPSE/ISACA risk response taxonomy defines risk avoidance as deciding not to engage in the activity that gives rise to the risk. Reduction/mitigation (B/D) means proceed with controls; acceptance (C) means proceed without additional treatment. Not expanding is classic avoidance.

Privacy Governance

Question

An organization is considering whether to expand its operations into additional international jurisdictions. After performing a privacy risk assessment, the organization decides not to begin operating in those jurisdictions. Which of the following BEST describes this type of risk response?

Options

  • ARisk avoidance
  • BRisk reduction
  • CRisk acceptance
  • DRisk mitigation

How the community answered

(26 responses)
  • A
    96% (25)
  • B
    4% (1)

Explanation

CDPSE/ISACA risk response taxonomy defines risk avoidance as deciding not to engage in the activity that gives rise to the risk. Reduction/mitigation (B/D) means proceed with controls; acceptance (C) means proceed without additional treatment. Not expanding is classic avoidance. Key CDPSE-aligned phrasing (short extract): "Risk avoidance: Discontinue or do not initiate activities that create risk."

Topics

#Privacy Risk Management#Risk Response#Risk Avoidance#Strategic Decision-Making

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice