CERTIFIED-IN-CYBERSECURITY Question #204: Real Exam Question with Answer & Explanation

The correct answer is D: Risk acceptance.

Security Principles

Question

Which risk management strategy is a company applying when the cost of implementing controls for a natural disaster outweighs the benefits?

Options

  • A. Risk transference
  • B. Risk mitigation
  • C. Risk avoidance
  • D. Risk acceptance

Explanation

Risk acceptance is a risk management strategy in which a company chooses not to implement controls to address a risk, but instead accepts the risk and its potential consequences (see ISC2 Study Guide, Module 2, under Risk Management Terminology). In this scenario, the cost of implementing controls for a natural disaster is greater than the potential damage caused by the disaster, so the company has decided to accept the risk. This doesn't mean the company ignores the risk; rather, it has made a conscious decision to accept it after considering the costs and benefits. Risk avoidance would involve taking action to avoid the risk altogether, such as moving the business to a location that is not prone to natural disasters. Risk mitigation would involve implementing controls to reduce the likelihood or impact of the risk. Risk transference would involve transferring the risk to another party, such as by purchasing insurance.

Topics

#Risk Management #Risk Acceptance #Risk Strategies #Cybersecurity Principles
