PrepAway - Latest Free Exam Questions & Answers

Which of the following risk handling technique involves…

Which of the following risk handling techniques involves the practice of being proactive so that the risk in
question is not realized?

A. Risk Mitigation

B. Risk Acceptance

C. Risk Avoidance

D. Risk transfer

Explanation:
If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For
example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this
technology. The company could decide not to allow any IM activity by their users because there is not a strong
enough business need for its continued use. Discontinuing this service is an example of risk avoidance.
By being proactive and removing the vulnerability causing the risk, we are avoiding the risk.
Incorrect Answers:
A: Risk mitigation is to implement a countermeasure to protect against the risk. Implementing controls is being
proactive and would ‘reduce’ a risk; however, only risk avoidance ‘removes’ the risk or prevents the risk being
realized in the first place.
B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential
cost of damage, and decides to just live with it and not implement the countermeasure. This does not describe
being proactive to remove the risk.
D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This
would transfer the risk to the insurance company. This does not describe being proactive to remove the risk.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98

