A financial institution is implementing a new online banking platform. The risk assessment identified that the authentication module has a high likelihood of exploitation due to weak password policies. The risk owner has decided to implement multi-factor authentication (MFA) to reduce the risk. This is an example of which risk response strategy?
Trap 1: Risk avoidance
Risk avoidance would mean not implementing the platform, or otherwise eliminating the risk entirely, which is not the case here.
Trap 2: Risk acceptance
Risk acceptance would mean acknowledging the risk and not taking any action, which contradicts the implementation of MFA.
Trap 3: Risk transfer
Risk transfer would involve shifting the risk to a third party, such as through insurance, rather than implementing a control.
- A
Risk avoidance
Why wrong: Risk avoidance would mean not implementing the platform, or otherwise eliminating the risk entirely, which is not the case here.
- B
Risk mitigation
MFA reduces the likelihood or impact of the risk, which is the definition of risk mitigation.
- C
Risk acceptance
Why wrong: Risk acceptance would mean acknowledging the risk and not taking any action, which contradicts the implementation of MFA.
- D
Risk transfer
Why wrong: Risk transfer would involve shifting the risk to a third party, such as through insurance, rather than implementing a control.