CISSP – Information Systems Security Management Professional (ISSMP) — Question 59

Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Answer options

• A. Risk mitigation
• B. Risk transfer
• C. Risk acceptance
• D. Risk avoidance

Correct answer: B

Explanation

The correct answer is B, Risk transfer, as the company is shifting the financial burden of potential information security risks to the insurance provider. The other options, such as Risk mitigation, involve reducing risks directly, Risk acceptance means acknowledging the risk without any measures, and Risk avoidance entails completely eliminating the risk, none of which apply in this scenario.