An organization does not implement countermeasures against information threats; instead it simply absorbs the damages that occur.This approach is called ________.
A) risk acceptance
B) risk reduction
C) risk mitigation
D) risk transference
E) risk rescheduling

Question

Quizplus · Accepted Answer

Risk acceptance is a strategy where an organization decides to absorb the risks and costs associated with an information threat rather than implementing countermeasures to prevent it. This approach is suitable when the cost of implementing countermeasures is higher than the potential costs of the damage caused by the threat itself.

An Organization Does Not Implement Countermeasures Against Information Threats; Instead