Problem
InfoSec team has identified assets with an unacceptable level of risk, the team must choose one of the five basic strategies to treat the risks for those assets. What are the five strategies that are used and how do they apply to the following questions?
i. What conditions must be met to ensure that risk acceptance has been used properly?
ii. What must be considered in a mitigation plan?
iii. Can outsourcing be used for risk transference? Explain.