A financial institution’s information security officer is working with the risk management officer to determine what to do with the institution’s residual risk after all security controls have been implemented.
Considering the institution’s very low risk tolerance, which of the following strategies would be BEST?
A . Transfer the risk.
B . Avoid the risk
C . Mitigate the risk.
D . Accept the risk.
Answer: A