Which of the following is not an acceptable approach to handling risk?
A.
Rejecting
B.
Accepting
C.
Transferring
D.
Deferring
Explanation:
Deferring risk should not be an option when managing risk. Deferring
risk indicates that management has abdicated its responsibility to deal with the
risk problem. Management must deal with the riskeither formally accepting the risk,
rejecting it by taking countermeasure action, or transferring the risk. An example
of transferring the risk would be purchasing liability insurance or outsourcing the
information security responsibility.