nerdexam
(ISC)2

CISSP-ISSEP · Question #48

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Whi

The correct answer is D. Risk transfer. Purchasing a liability insurance policy is a classic example of risk transfer (D) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for a premium payment. Why the distractors are wrong: A (Risk acceptance) means acknowledging

Risk Management

Question

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Options

  • ARisk acceptance
  • BRisk mitigation
  • CRisk avoidance
  • DRisk transfer

How the community answered

(66 responses)
  • A
    2% (1)
  • B
    5% (3)
  • C
    2% (1)
  • D
    92% (61)

Explanation

Purchasing a liability insurance policy is a classic example of risk transfer (D) - the company shifts the financial burden of potential losses to a third party (the insurer) in exchange for a premium payment.

Why the distractors are wrong:

  • A (Risk acceptance) means acknowledging the risk and doing nothing about it - no insurance would be purchased.
  • B (Risk mitigation) means reducing the likelihood or impact of a risk (e.g., installing firewalls, patching systems) - insurance doesn't reduce the threat, it just covers the cost if it materializes.
  • C (Risk avoidance) means eliminating the activity that creates the risk entirely (e.g., shutting down an internet-facing service) - the company is still operating and exposed to the risk.

Memory tip: Think of the four risk responses as TAME - Transfer (insurance/contracts), Accept (do nothing), Mitigate (reduce it), Eliminate/Avoid (stop the activity). Anytime you see "insurance" or "third party," the answer is almost always Transfer.

Topics

#Risk transfer#Insurance#Risk management techniques#Information security risks

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice