You are working in an enterprise.
You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations.
To address this risk of failure, you have guided the system administrator sign off on the daily backup.
This scenario is an example of which of the following?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
Mitigation is the strategy that provides for the definition and implementation of controls to address the risk described.
Here in this scenario, you are trying to reduce the risk of operation failure by guiding administrator to take daily backup, hence it is risk mitigation.
Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level.
Risk mitigation can utilize various forms of control carefully integrated together.
The main control types are: -> Managerial(e.g.,policies) -> Technical (e.g., tools such as firewalls and intrusion detection systems) -> Operational (e.g., procedures, separation of duties) -> Preparedness activities Incorrect Answers: A: The scenario does not describe risk avoidance.
Avoidance is a strategy that provides for not implementing certain activities or processes that would incur risk.
B: The scenario does not describe the sharing of risk.
Transference is the strategy that provides for sharing risk with partners or taking insurance coverage.
C: The scenario does not describe risk acceptance, Acceptance is a strategy that provides for formal acknowledgment of the existence of a risk and the monitoring of that risk.
The scenario described above is an example of risk mitigation.
Risk mitigation refers to the implementation of measures or actions aimed at reducing the probability or impact of a potential risk to an acceptable level. In the scenario, the risk of failure of operations is identified, and to address this risk, the system administrator is guided to sign off on the daily backup of important files. By doing so, the probability of data loss due to system failure is reduced, and the impact of such an event is also reduced.
On the other hand, risk avoidance refers to the approach of completely avoiding a risk by not engaging in the activity that poses the risk. In this scenario, risk avoidance would mean not using computers to store important files.
Risk transference refers to the approach of transferring the risk to a third party or entity. An example of risk transference is purchasing insurance to transfer the risk of financial loss due to an event such as a natural disaster to an insurance company.
Risk acceptance refers to the approach of accepting the potential risk and its consequences without taking any measures to address it. In this scenario, risk acceptance would mean not taking any measures to address the risk of failure of operations and accepting the potential loss of important files due to system failure.
In summary, the scenario described is an example of risk mitigation, as measures are taken to reduce the probability and impact of a potential risk.