A company is revising its strategic plan and wants to balance its growth objectives with its information security risks. The company seeks neither to aggressively pursue risk for potential gains nor to minimize risk at the expense of new opportunities. Which of the following best describes the company's risk strategy?
The company is aggressively expanding into new markets, often prioritizing potential gains over the strict management of information security risks.
The company is adopting a neutral risk strategy to support steady growth while efficiently managing security risks.
The company assesses security risks on a case-by-case basis, with no predefined strategy towards risk.
The company strictly minimizes any potential security risks, even if it means passing on potentially lucrative opportunities.