Certified in Risk and Information Systems Control (CRISC) — Question 764

Which of the following methods is an example of risk mitigation?

Answer options

• A. Outsourcing the IT activities and infrastructure
• B. Taking out insurance coverage for IT-related incidents
• C. Enforcing change and configuration management processes
• D. Not providing capability for employees to work remotely

Correct answer: C

Explanation

The correct answer is C, as enforcing change and configuration management processes helps to minimize risks by ensuring that all changes are properly reviewed and documented. Options A and B are related to transferring or accepting risk rather than mitigating it, while option D does not address risk management in a proactive manner.