![[Translate to English:]](/fileadmin/_NCP/image/news/Welt_Schloesser.jpg "[Translate to English:]")
[Translate to English:]
Once a risk analysis has been conducted and the risks facing a company have been identified, for example the fundamental vulnerability of systems to malware, each risk must be addressed. Generally there are four strategies for dealing with risks, especially if the company is following ISO 27001: Avoid, control, accept or transfer –after taking a quick glance at the first three options, we'll be moving on to discuss transferring risk in more detail. Going back to our malware example, you could avoid this risk by cutting off your server from the outside world. If you chose to control or reduce the risk, you could install current anti-malware software. You could also decide that the situation is tenable and accept the risk. But what happens if you decide to take the fourth option of transferring risk to another party – usually an insurance company.
Read more in our blog VPN Haus.
