Question 11
Main Page
Your organization accepts a known security risk without applying mitigation controls. What risk treatment approach does this represent?
A. Risk avoidance
B. Risk modification
C. Risk acceptance
D. Risk transference
Answer: C. Risk acceptance
Choosing to live with a known risk due to cost or practicality reasons is risk acceptance. It must be documented and approved.