CompTIA CASP+ (CAS-003) — Question 26
Management is reviewing the results of a recent risk assessment of the organization's policies and procedures. During the risk assessment it is determined that procedures associated with background checks have not been effectively implemented. In response to this risk, the organization elects to revise policies and procedures related to background checks and use a third-party to perform background checks on all new employees. Which of the following risk management strategies has the organization employed?
Answer options
- A. Transfer
- B. Mitigate
- C. Accept
- D. Avoid
- E. Reject
Correct answer: B
Explanation
The organization is employing the 'Mitigate' strategy by revising its policies and procedures to enhance the effectiveness of background checks and by outsourcing this task to a third-party service. This approach reduces the risk associated with ineffective background checks. The other options, such as 'Transfer' and 'Accept', involve different strategies such as shifting the risk to another party or acknowledging it without action, which do not apply in this scenario.