EXIN Information Security Foundation (ISFS) — Question 3

You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks. What is this risk strategy called?

Answer options

• A. Risk bearing
• B. Risk avoiding
• C. Risk neutral

Correct answer: C

Explanation

The correct answer is 'Risk neutral' because it reflects the strategy of accepting small risks while managing larger ones. 'Risk bearing' implies taking on all risks without distinction, and 'Risk avoiding' suggests eliminating risks entirely, which does not align with the approach described.