Memotiva CISSP Flashcards: Security and Risk Management, Governance, Compliance, Ethics

What are the four ways to respond to risk?

Nortren

The four risk response strategies are mitigation, transfer, avoidance, and acceptance. Mitigation reduces the likelihood or impact of a risk by implementing controls, such as installing a firewall. Transfer shifts the financial impact to another party, most commonly through insurance or outsourcing. Avoidance eliminates the risk entirely by discontinuing the activity that creates it, such as not storing sensitive data. Acceptance acknowledges the risk without additional controls when the cost of mitigation exceeds the potential loss.
csrc.nist.gov