Which THREE of the following are acceptable risk treatment options according to NIST risk management framework?
Risk mitigation involves implementing controls to reduce risk.
Why this answer
Risk avoidance, mitigation, transfer, and acceptance are standard. Risk identification is a step, not treatment. Risk duplication is not a term.