During a risk assessment it was concluded that the value of an asset was less than the cost of the security control needed to protect it from an identified risk. Because of this, it has been decided not to use the control but still utilize the asset. What type of risk management strategy is being used?
|Governance, Risk, and Compliance|
|Architecture and Design|
|Operations and Incident Response|
|Attacks, Threats, and Vulnerabilities|