CDPSE · Question #392
An organization is considering whether to expand its operations into additional international jurisdictions. After performing a privacy risk assessment, the organization decides not to begin operating
The correct answer is A. Risk avoidance. CDPSE/ISACA risk response taxonomy defines risk avoidance as deciding not to engage in the activity that gives rise to the risk. Reduction/mitigation (B/D) means proceed with controls; acceptance (C) means proceed without additional treatment. Not expanding is classic avoidance.
Question
An organization is considering whether to expand its operations into additional international jurisdictions. After performing a privacy risk assessment, the organization decides not to begin operating in those jurisdictions. Which of the following BEST describes this type of risk response?
Options
- ARisk avoidance
- BRisk reduction
- CRisk acceptance
- DRisk mitigation
How the community answered
(26 responses)- A96% (25)
- B4% (1)
Explanation
CDPSE/ISACA risk response taxonomy defines risk avoidance as deciding not to engage in the activity that gives rise to the risk. Reduction/mitigation (B/D) means proceed with controls; acceptance (C) means proceed without additional treatment. Not expanding is classic avoidance. Key CDPSE-aligned phrasing (short extract): "Risk avoidance: Discontinue or do not initiate activities that create risk."
Topics
Community Discussion
No community discussion yet for this question.