PrepAway - Latest Free Exam Questions & Answers

What is this approach to risk management called?

There is no way to completely abolish or avoid risks; you can only manage them. A risk-free environment does not exist. Suppose you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this approach to risk management called?


A.
Risk Acceptance

B.
Risk Avoidance

C.
Risk Transference

D.
Risk Mitigation

Explanation:
Risk Acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to live with it rather than implement the countermeasure. Many companies will accept risk when the cost/benefit analysis indicates that the cost of the countermeasure outweighs the potential loss value.
Risk acceptance should be based on several factors. For example, is the potential loss lower than the cost of the countermeasure? Can the organization deal with the "pain" that will come with accepting this risk? This second consideration is not purely a cost decision, but may entail non-cost issues surrounding the decision. For example, if we accept this risk, we must add three more steps to our production process. Does that make sense for us? Or if we accept this risk, more security incidents may arise from it, and are we prepared to handle those?
Incorrect Answers:
B: Risk avoidance is where a company removes the risk entirely, for example by disabling a service or removing an application deemed to be a risk. This does not refer to accepting known risks.
C: Risk transference is where you assign the risk to someone else, for example by purchasing insurance, which transfers the financial impact of the risk to the insurance company. This does not refer to accepting known risks.
D: Risk mitigation is to implement countermeasures that reduce the risk to an acceptable level. This does not refer to accepting known risks.

Harris, Shon, CISSP All-in-One Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98
