After the risk assessment, organizations should be able to prioritize resources to do the following:

1. Avoid the risk:
   
   • Change planning to work around the problem
2. Control/mitigate the risk:
   • Isolate the problem and reduce the impact to the organization:
     • Network segmentation
     • Access control lists
     • Credential management
3. Accept the risk:
   • Acknowledgement that the problem exists
4. Transfer the risk:
   • Cyber insurance
   • Service providers