It seems most risk and security programs, and instruction on how to run risk and security programs, focus exclusively on assessing risk, to then implement controls or take other actions to reduce that risk.
1/11
2/11
3/11
4/11
5/11
6/11
7/11
8/11
9/11
10/11
11/11