PrepAway - Latest Free Exam Questions & Answers

which of the four common ways listed below seek to elim…

In terms of Risk Analysis and dealing with risk, which of the four common ways listed below seeks to eliminate
involvement with the risk being evaluated?

A. Avoidance

B. Acceptance

C. Transference

D. Mitigation

Explanation:
If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For
example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this
technology. The company could decide not to allow any IM activity by their users because there is not a strong
enough business need for its continued use. Discontinuing this service is an example of risk avoidance.
By avoiding the risk, we can eliminate involvement with the risk.
Incorrect Answers:
B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential
cost of damage, and decides to just live with it and not implement the countermeasure. This does not eliminate
involvement with the risk.
C: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This
would transfer the risk to the insurance company. This does not eliminate involvement with the risk.
D: Risk mitigation is to implement a countermeasure to protect against the risk. This does not eliminate
involvement with the risk.
References:
Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98

