An organization has decided to implement additional security controls to treat the risks of a new process. This is an example of: 

Answer options:

A. eliminating the risk.
B. transferring the risk.
C. mitigating the risk.
D. accepting the risk.

C

Risk can never be eliminated entirely. Transferring the risk gives it away such as buying insurance so the insurance company can take the risk. Implementing additional controls is an example of mitigating risk. Doing nothing to mitigate the risk would be an example of accepting risk.