Kirk’s organization has been experiencing large-scale denial- of-service (DoS) attacks against their primary website. Kirk contracts with his Internet service provider to increase the organization’s bandwidth and expands the server pool for the website to handle significantly more traffic than any of the previous DoS attacks. What type of risk management strategy has he employed?

Kirk has mitigated the risk to his organization by increasing the resources targeted by the DoS attack in an attempt to ensure that the attack will not be successful. Acceptance would involve simply letting the attacks occur knowing they are likely to stop, avoidance might involve finding a way to ensure the attacks cannot occur, and transfer could leverage a third- party mirror or anti-DoS hosting service.