The organization is implementing a new cloud-based real-time backup system to reduce the

likelihood of data loss, which is an example of risk mitigation because:

Reducing Risk Impact: By upgrading from an outdated system, the organization minimizes the

potential consequences of data loss.

Implementing Controls: The new backup system is a proactive control measure designed to decrease

the risk.

Enhancing Recovery Capabilities: Real-time backups ensure that data remains intact and recoverable

even in case of a failure.

Other options analysis:

B . Risk avoidance: Involves eliminating the risk entirely, not just reducing it.

C . Risk transfer: Typically involves shifting the risk to a third party (like insurance), not implementing

technical controls.

D . Risk acceptance: Involves acknowledging the risk without implementing changes.

CCOA Official Review Manual, 1st Edition Reference:

Chapter 5: Risk Management: Clearly differentiates between mitigation, avoidance, transfer, and

acceptance.

Chapter 7: Backup and Recovery Planning: Discusses modern data protection strategies and their risk

implications.