After a risk assessment it is decided that security controls will be applied to a system to lower the likelihood of an incident occurring from a risk being exploited. Which risk management strategy is being used?
Transference
Mitigation
Acceptance
Avoidance