CISSP – Information Systems Security Architecture Professional (ISSAP) — Question 95

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Answer options

• A. Risk acceptance
• B. Risk avoidance
• C. Risk transfer
• D. Risk mitigation

Correct answer: C

Explanation

The correct answer is C, Risk transfer, as the company is transferring the financial responsibility of potential information security incidents to the insurance provider. The other options do not apply because risk acceptance involves taking on risk without any external help, risk avoidance means eliminating the risk altogether, and risk mitigation refers to reducing the impact or likelihood of risks, none of which involve insurance coverage.