PECB Lead Implementer (ISO/IEC 27001) — Question 38
Which statement is an example of risk retention?
Answer options
- A. An organization has decided to release the software even though some minor bugs have not been fixed yet
- B. An organization has implemented data loss protection software
- C. An organization terminates work at the construction site during a severe storm
Correct answer: A
Explanation
The correct answer, A, demonstrates risk retention: the organization chooses to accept the potential consequences of releasing software with known minor bugs. Option B describes a proactive measure to mitigate risk, while option C illustrates risk avoidance, because work is stopped due to adverse weather conditions.