1. Describe in detail what security controls are, how they are chosen, and how they should be managed once implemented.
2. Building from what you have learned so far in this course, explain how an organization gets to the risk mitigation step/phase. What was performed to get to the point where you (as part of the mitigation team/effort) are ready to implement mitigating countermeasures to solve some of the issues found.
3. What happens to the risks/vulnerabilities that cannot be mitigated? Explain in detail.