A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

• accept
• transfer
• mitigation
• avoidance

Explanation: Risk management is the identification, evaluation, and prioritization of risks. Organizations manage risk in one of four ways:

• Avoidance (Elimination) - Risk avoidance is the complete removal or elimination of risk from a specific threat.
• Mitigation (Reduction) - Risk mitigation involves implementing controls that allow the organization to continue to perform an activity while using mechanisms to reduce the risk from a particular threat.
• Transfer - Organizations can transfer risk from specific threats to a third party person or another organization.
• Accept - Accepting risk involves the identification of the threats but not implementing mitigation processes based on a conscious decision.

Exam with this question: Cyber Threat Management - 5.4.2 Risk Management and Security Controls Quiz