A may not be a correct answer. A is not an example of risk mitigation.
Both options B and D are correct here, because B meant risk avoidance, which is one of the mitigations; D meant transferring risk to an insurer, which is also one of the mitigations.
While discontinuing the activity associated with the risk (B) can be an effective risk mitigation strategy in certain circumstances, it may not always be feasible or practical. For example, discontinuing a critical business activity may not be an option for many organizations.
Improving security controls (A), on the other hand, is a more flexible and common approach to risk mitigation. By enhancing the security measures in place, organizations can reduce the likelihood or impact of a potential security incident. This approach allows organizations to continue their operations while reducing the risk of a security breach or loss of sensitive information.
I like B. Risk avoidance is a better example of a risk mitigation strategy.
upvoted 2 times
karanvp (Highly Voted, 1 year ago)
Broesweelies (Highly Voted, 1 year, 5 months ago)
richck102 (Most Recent, 1 year ago)
CarlLimps (1 year, 4 months ago)