The CISSP study guide gives the following 'Risk responses' in Domain 1 (§1.9.3):

- Reduce or mitigate – implementation of safeguards and countermeasures to eliminate vulnerabilities or block threats
- Assign or transfer – placement of the cost of loss onto another entity; insurance and outsourcing are common forms
- Accept – analysis shows countermeasure costs would outweigh the possible cost of loss; also management has agreed to accept the consequences
- Deter – implementing deterrents to would-be violators of security and policy
- Avoid – selecting alternate options or activities that have less associated risk
- Reject or ignore – unacceptable

PMP Concepts ([source](https://www.pmlearningsolutions.com/blog/announcement-ppm-launching-pmp-concept-learning-series)) lists "three proactive approaches to handling a negative risk":

* Avoid – eliminate the risk
* Transfer – shift the impact to a 3rd party
* Mitigate – decrease the probability or impact

See also [Examples of Risk Avoidance](../Examples%20of%20Risk%20Avoidance.md).