CRISC Question #582: Real Exam Question with Answer & Explanation
The correct answer is A: Avoidance. By temporarily shutting down an online sales system due to a potential data breach, the organization is employing risk avoidance by eliminating the activity that causes the risk.
Question
Because of a potential data breach, an organization has decided to temporarily shut down its online sales order system until sufficient controls can be implemented. Which risk treatment has been selected?
Options
- A. Avoidance
- B. Acceptance
- C. Mitigation
- D. Transfer
Explanation
By temporarily shutting down an online sales system due to a potential data breach, the organization is employing risk avoidance by eliminating the activity that causes the risk.
Common mistakes.
- B. Risk acceptance is when an organization acknowledges a risk and decides to take no action to reduce it, which is contrary to shutting down the system.
- C. Risk mitigation involves taking steps to reduce the likelihood or impact of a risk, such as implementing new controls, but shutting down the system eliminates the risk, rather than just reducing it.
- D. Risk transfer involves shifting the financial burden or responsibility of a risk to a third party, often through insurance or contracts, which is not what shutting down a system achieves.
Concept tested. Risk treatment strategies (avoidance)
Reference. https://learn.microsoft.com/en-us/compliance/regulatory/risk-assessment-template-introduction