# Risk Response Strategies

One-sentence definition: Options to address risk—avoid, mitigate, transfer/share, accept—based on appetite and cost-benefit.

## Key Facts

- Avoid: change plans to eliminate risk (don’t do it).
- Mitigate: implement controls to reduce likelihood/impact.
- Transfer/Share: shift impact to third party (insurance, contracts).
- Accept: formally acknowledge residual risk (owner approval).
- Residual risk remains after treatment; monitor via KRIs.
- Document decisions in risk register with rationale and owners.
- **Label:** **Decision** must align to appetite/tolerance and ROI.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Select the best response given constraints (budget, law, impact).

**Mnemonic:** “AMTA” → Avoid, Mitigate, Transfer, Accept.

## Mini Scenario

Q: Legal requirement mandates control; can we accept the risk?

A: No—compliance risks typically cannot be accepted; must be treated.

## Revision Checklist

- Define each response with one example.
- State who approves acceptance.
- Map transfer to instruments (insurance/SLA).

## Related

[[Risk Management Lifecycle]] · [[Risk Assessment: Qualitative vs Quantitative]] · [[Risk Analysis Metrics: SLE, ARO, ALE]] · [[Compliance and Regulatory Concepts]] · [[Risk Register and Reporting]] · [[Domain 1 - Index]]