After a risk assessment it is decided that security controls will be applied to a system to lower the likelihood of an incident occurring from a risk being exploited. Which risk management strategy is being used?
|Governance, Risk, and Compliance|
|Architecture and Design|
|Operations and Incident Response|
|Attacks, Threats, and Vulnerabilities|