Ans 1.

When risks are identified and analyzed, it is not always appropriate to implement controls to counter them. Some risks may be minor, and it may not be cost-effective to implement expensive control processes for them. The risk management strategy is explained below:

• Tolerate/Accept the risk: One of the primary functions of management is managing risk. Some risks may be considered minor because their impact and probability of occurrence are low. In this case, consciously accepting the risk as a cost of doing business is appropriate, as well as periodically reviewing the risk to ensure its impact remains low.

• Terminate/Eliminate the risk: It is possible for a chance to be associated with the use of technology, supplier, or vendor. The risk can be eliminated by replacing the technology with more robust products and by seeking more capable suppliers and vendors.

• Transfer/Share the risk: Risk mitigation approaches can be shared with trading partners and suppliers. A good example is outsourcing infrastructure management. In such a case, the supplier mitigates the risks associated with IT management. infrastructure by being more capable and having access to more highly skilled staff than the primary organization. Risk also may be mitigated by transferring the cost of realized risk to an insurance provider.

• Treat/mitigate the risk: Where other options have been eliminated, suitable controls must be devised and implemented to prevent the risk from manifesting sting itself or to minimize its effects.

• Turn back: Where the probability or impact of the risk is very low, then management may decide to ignore the r