CISSP-ISSAP · Question #238
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Whi
The correct answer is C. Risk transfer. Purchasing liability insurance is the classic example of risk transfer (C) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for premium payments. Risk acceptance (A) means acknowledging a risk and doing nothing about it, whi
Question
Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?
Options
- ARisk acceptance
- BRisk avoidance
- CRisk transfer
- DRisk mitigation
How the community answered
(19 responses)- A5% (1)
- B16% (3)
- C74% (14)
- D5% (1)
Explanation
Purchasing liability insurance is the classic example of risk transfer (C) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for premium payments. Risk acceptance (A) means acknowledging a risk and doing nothing about it, which doesn't involve insurance. Risk avoidance (B) means eliminating the activity that creates the risk altogether (e.g., not storing customer data at all). Risk mitigation (D) means reducing the likelihood or impact of a risk through controls like firewalls or encryption - not transferring it.
Memory tip: Think "transfer = third party." Any time money moves to an outside entity (insurance, outsourcing liability, indemnity clauses), that's risk transfer.
Topics
Community Discussion
No community discussion yet for this question.