After the risk assessment, organizations should be able to prioritize resources to do the following:
- Avoid the risk:
  - Change planning to work around the problem
- Control/mitigate the risk:
  - Isolate the problem and reduce the impact to the organization:
    - Network segmentation
    - Access control lists
    - Credential management
- Accept the risk:
  - Acknowledgement that the problem exists
- Transfer the risk:
  - Cyber insurance
  - Service providers