nerdexam
(ISC)2

CISSP-ISSAP · Question #238

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Whi

The correct answer is C. Risk transfer. Purchasing liability insurance is the classic example of risk transfer (C) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for premium payments. Risk acceptance (A) means acknowledging a risk and doing nothing about it, whi

Architect for Governance, Risk, and Compliance

Question

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options

  • ARisk acceptance
  • BRisk avoidance
  • CRisk transfer
  • DRisk mitigation

How the community answered

(19 responses)
  • A
    5% (1)
  • B
    16% (3)
  • C
    74% (14)
  • D
    5% (1)

Explanation

Purchasing liability insurance is the classic example of risk transfer (C) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for premium payments. Risk acceptance (A) means acknowledging a risk and doing nothing about it, which doesn't involve insurance. Risk avoidance (B) means eliminating the activity that creates the risk altogether (e.g., not storing customer data at all). Risk mitigation (D) means reducing the likelihood or impact of a risk through controls like firewalls or encryption - not transferring it.

Memory tip: Think "transfer = third party." Any time money moves to an outside entity (insurance, outsourcing liability, indemnity clauses), that's risk transfer.

Topics

#Risk Transfer#Insurance#Liability Coverage#Risk Management

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice