A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for
several months. These risks are not high profile but still exist. Furthermore, many of these risks
have been mitigated with innovative solutions. However, at this point in time, the budget is
insufficient to deal with the risks. Which of the following risk strategies should be used?

A.
Transfer the risks

B.
Avoid the risks

C.
Accept the risks

D.
Mitigate the risks