Which is not a risk mitigation strategy?
Avoid the risk
Accept the risk
Transfer the risk
Challenge the risk
You have found that a vulnerability has a low likelihood of impacting your organization. In addition, the cost to upgrade the system to address the finding, is five times the cost of the risk. Which is not a viable action?
Document and accept the risk
Upgrade the system to close the gap
Avoid the risk with mitigating controls
Next Concept