Which of the following is not an acceptable approach to handling risk?
A.
Rejecting
B.
Accepting
C.
Transferring
D.
Deferring
Explanation:
Deferring risk should not be an option when managing risk. Deferring
risk indicates that management has abdicated its responsibility to deal with the
risk problem. Management must deal with the riskeither formally accepting the risk,
rejecting it by taking countermeasure action, or transferring the risk. An example
of transferring the risk would be purchasing liability insurance or outsourcing the
information security responsibility.
According to question 712, the answer should be A, “rejecting.” The explanation on question 712 is goes directly against the explanation here. It says “Rejecting risk means to ignore that it exists and in turn not taking any steps to mitigate the risk.” So which explanation of “rejecting” is correct? I believe question 712 has it correct.
0
0
I agree with the answer here as one need to take in consideration of what is the “best answer”. All the study material informs us that risk is dealt with by rejecting, accepting, mitigate, or transferring. I have not hear of deferring risk and quite frankly that term in of itself makes little since. Also it is a common practice for management to REJECT risk in that they simply do not believe it to be there. So D is the best answer.
0
0