Which of the following is an example of risk mitigation?

Prepare for CISSP Domain 2 Information Risk Management. Study with multiple choice questions; each question offers insights and explanations. Ace your exam!

Implementing a firewall for the internal network is a clear example of risk mitigation because it involves taking proactive measures to reduce the potential impact of security threats. Firewalls serve as a barrier between trusted internal networks and untrusted external networks, monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. By filtering this traffic, a firewall helps prevent unauthorized access and potential attacks on the internal network, thereby actively reducing risk.

Risk mitigation strategies focus on reducing the likelihood or impact of threats, and in this case the firewall specifically serves to minimize risks associated with network vulnerabilities. The other options reflect different approaches or strategies. For instance, allowing employees to work from home may introduce certain risks rather than mitigate them. Comprehensive data backups also play a role in risk management, but they are more about risk acceptance and recovery than direct risk mitigation. Not addressing identified security gaps is clearly counterproductive and does not contribute to effective risk management practices.
