As a security administrator in your company, you have identified a security threat that you lack the necessary in-house expertise to address. You opt to enlist the services of external resources through a contract. The contractor will be accountable for managing and handling this security risk. Which of the following risk response strategies are you using?

Risk transfer involves transferring the responsibility of recovery and restoration to hosted providers or obtaining insurance to cover the costs associated with a risk. Risk acceptance entails identifying and acknowledging a risk that is either improbable or has limited impact, thereby rendering corrective measures unnecessary. Risk mitigation involves implementing controls to lessen vulnerabilities or weaknesses in a system, which can also reduce the impact of a threat. Risk avoidance refers to eliminating the vulnerability that can heighten a particular risk, thus avoiding it entirely.