CISM - Information Security Risk Management - Section 2.4
Evaluate and select appropriate risk treatment and risk response options in accordance with the organisation's risk appetite.
Evaluate the four risk treatment options - risk mitigation, risk transfer, risk acceptance, and risk avoidance - and select the response that best matches the organisation's documented risk appetite. Recognise that residual risk remaining after treatment must be formally accepted by an appropriate risk owner.
Risk treatment, Risk acceptance, Risk transfer, Risk mitigation
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.