Certified Chief Information Security Officer (CCISO) — Question 7

When dealing with risk, the information security practitioner may choose to:

Answer options

• A. acknowledge
• B. transfer
• C. assign
• D. defer

Correct answer: B

Explanation

The correct answer is B, as transferring risk involves shifting the responsibility of the risk to another party, such as through insurance or outsourcing. Acknowledging risk (A) means recognizing its existence but does not mitigate it, assigning (C) is not a common term used in risk management, and deferring (D) suggests postponing action rather than addressing the risk.