During a risk assessment, an organization identifies that its primary data center is located in a flood-prone area. Which risk treatment option would best address this risk?
Trap 1: Purchase business interruption insurance
Insurance is a transfer, not mitigation.
Trap 2: Move all operations to a cloud provider
This is avoidance, but not the best treatment if operations are critical.
Trap 3: Accept the risk and document it in the risk register
Acceptance does not implement controls.
- A
Purchase business interruption insurance
Why wrong: Insurance is a transfer, not mitigation.
- B
Move all operations to a cloud provider
Why wrong: This is avoidance, but not the best treatment if operations are critical.
- C
Implement flood barriers and redundant cooling systems
This is a mitigation action.
- D
Accept the risk and document it in the risk register
Why wrong: Acceptance does not implement controls.