Possible actions in risk management is eliminating or mitigating risk, assigning risk to a third party or transferring risk and accepting risk.  Suppose that the risk management has same set of actions for a computer based system that is connected to the Internet. There are numerous vulnerabilities in such a system so that malicious intruders can harm the system. Thus, the risk in this system is very high especially if the data is sensitive. To eliminate the risk, employing strong security primitives, e.g., installing an antivirus program, enabling a firewall and using trusted hardware and software will help to mitigate the risk. Again, transferring this risk to a third party is possible. Security can be guaranteed by a secure network service provider. For some situations, the system has to accept the risk since some websites provides minimal security that might lead a potential data loss or harm. Correct answer is C.