CRISC Certified in Risk and Information Systems Control – Question126

You are working in an enterprise. Your project deals with important files that are stored on a computer. You have identified the risk of operational failure. To address this risk, you have instructed the system administrator to take a daily backup and sign off on its completion. This scenario is an example of which of the following?

A. Risk avoidance
B. Risk transference
C. Risk acceptance
D. Risk mitigation

Correct Answer: D

Explanation:
Mitigation is the strategy that defines and implements controls to address the risk described. In this scenario, you are reducing the risk of operational failure by having the administrator take a daily backup and sign off on it, hence it is risk mitigation. Note that the backup itself lowers the impact of a failure (lost files can be restored), while the sign-off is an operational procedure that provides evidence the control actually ran each day; neither removes the risk, so this is not avoidance.
Risk mitigation attempts to reduce the probability of a risk event and/or its impact to an acceptable level. Risk mitigation can use various forms of control carefully integrated together. The main control types are:

  • Managerial (e.g., policies)
  • Technical (e.g., tools such as firewalls and intrusion detection systems)
  • Operational (e.g., procedures, separation of duties)
  • Preparedness activities (e.g., backup and recovery planning)

Incorrect Answers:
A: The scenario does not describe risk avoidance. Avoidance is a strategy of not performing the activities or processes that would incur the risk; here the files are still stored and used.
B: The scenario does not describe the sharing of risk. Transference is the strategy of sharing risk with partners or taking out insurance coverage; no third party bears any part of this risk.
C: The scenario does not describe risk acceptance. Acceptance is a strategy of formally acknowledging the existence of a risk and monitoring it without implementing a control to change it; here a control (the daily backup) has been put in place.