(ISC)2 Certified in Cybersecurity Practice Exam


Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is the process of reducing the likelihood or impact of a risk called?

  1. Risk Assessment

  2. Risk Mitigation

  3. Risk Transfer

  4. Risk Avoidance

The correct answer is: Risk Mitigation

The process of reducing the likelihood or impact of a risk is referred to as risk mitigation. This involves taking proactive steps to minimize potential negative effects associated with a risk. Risk mitigation can include various strategies such as implementing security controls, applying safeguards, and developing response plans to address identified risks. The goal is to bring the level of risk down to an acceptable threshold, thereby protecting the organization from potential losses or damages.

In contrast, risk assessment refers to the process of identifying and evaluating risks, understanding their potential impact and likelihood. This stage precedes risk mitigation and is essential for determining which risks need to be addressed.

Risk transfer involves shifting the burden of risk to another party, often through agreements or insurance. This method does not reduce the risk itself but rather alters who bears the consequences should the risk materialize.

Risk avoidance entails eliminating the risk entirely by modifying plans or actions so that the chance of the risk occurring is removed. While this can be effective, it is not always feasible and does not always contribute to reducing the impact of existing risks.

Thus, risk mitigation is specifically focused on reducing the potential severity and occurrence of risks through various protective measures, distinguishing it from the other processes related to risk management.