The four T’s of risk guidance produced by the Office of Government Commerce are transfer, tolerate, treat, and terminate. They are:
Transfer: This strategy involves transferring or sharing some or all of the responsibility or impact of a risk to another party, such as an insurer, a supplier, or a partner.
Tolerate: This strategy involves accepting or retaining a risk without taking any further action to reduce it, either because the risk level is acceptable or because the cost or effort of reducing it is not justified.
Treat: This strategy involves taking steps to reduce the likelihood or impact of a risk to an acceptable level, such as implementing controls, mitigations, or contingency plans.
Terminate: This strategy involves eliminating or avoiding a risk by discontinuing or changing the activity that causes it. Verified References:https://www.investopedia.com/terms/t/the-four-ts.asp https://www.thebci.org/training-qualifications/good-practice-guidelines.html
Questions # 12:
A formal "disaster" can only be declared by the firm owners or by the IT Department Manager.
A formal “disaster” can only be declared by the firm owners or by the IT Department Manager. This is false because a formal “disaster” can be declared by any authorized person who has the responsibility and authority to activate the business continuity and disaster recovery plan. The authorized person may vary depending on the type, scope, and severity of the disaster, but it should be clearly defined in the plan who can declare a disaster and under what circumstances. The authorized person should also communicate the declaration of a disaster to all relevant stakeholders, such as employees, customers, suppliers, partners, regulators, media, or the public. Verified References: https://www.ready.gov/business-continuity-plan https://www.csoonline.com/article/515730/business-continuity-and-disaster-recovery-planning-the-basics.html
