A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks.
Which of the following risk strategies should be used?
A . Transfer the risks
B . Avoid the risks
C . Accept the risks
D . Mitigate the risks
Answer: C