Certified Information Systems Auditor (CISA) — Question 1397

Management receives information indicating a high level of risk associated with potential flooding near the organization's data center with in the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?

Answer options

• A. Risk reduction
• B. Risk acceptance
• C. Risk transfer
• D. Risk avoidance

Correct answer: D

Explanation

The correct answer is D, Risk avoidance, because relocating the data center to a safer location mitigates the flood risk entirely. The other options are incorrect as they do not involve moving operations to eliminate risk: Risk reduction would involve measures to lessen the impact, Risk acceptance means tolerating the risk, and Risk transfer involves shifting the risk to another party.