An organization has decided to implement additional security controls to treat the risks of a new process.
This is an example of:
Click on the arrows to vote for the correct answer
A. B. C. D.C.
Risk can never be eliminated entirely.
Transferring the risk gives it away such as buying insurance so the insurance company can take the risk.
Implementing additional controls is an example of mitigating risk.
Doing nothing to mitigate the risk would be an example of accepting risk.
The organization's decision to implement additional security controls to treat the risks of a new process is an example of "mitigating the risk."
Risk mitigation refers to the process of implementing controls or taking actions that will reduce or minimize the impact of identified risks. Mitigation measures are put in place to reduce the likelihood of a risk occurring or to reduce the consequences of the risk if it does occur.
In this scenario, the organization has identified a new process that poses risks to the security of their system or data. To mitigate these risks, the organization has decided to implement additional security controls to reduce the likelihood of a security breach or minimize the impact of the breach if it does occur.
Eliminating the risk would involve completely removing the new process, which may not be feasible or practical for the organization. Transferring the risk would involve shifting the responsibility for the risk to a third party, such as an insurance company or a supplier, which is also unlikely to be applicable in this scenario. Accepting the risk would mean that the organization has decided not to take any action to reduce or mitigate the risks associated with the new process, which is generally not a recommended approach to risk management.
Therefore, the most appropriate answer to this question is C. mitigating the risk.