Question: An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of:
A.) eliminating the risk.
B.) transferring the risk.
C.) mitigating the risk.
D.) accepting the risk.

Download pdf (with explanations) edition of this exam.