Detective

Preventive

Corrective

Compensating

Governance, control effectiveness, and data type

Control effectiveness, organizational mission, and cost to implement and maintain

Governance, control effectiveness, and cost to implement and maintain

Cost to implement and maintain, data type, and organizational mission

Cost and effectiveness of response options

Resistance by personnel to response options

Cost and expected profit from response options.

Governance-mandated response options

Administrative

Technical

Physical

Financial

Organizations can avoid emerging risks by not adopting new technologies

Once a particular risk has been assessed, it does not change

The dynamic nature of risk means that it must be constantly monitored, reassessed, and reevaluated.

Emerging risks are limited to only the implementation of new technologies

Effectiveness

Cost

Risk reduction

Compliance

Data must be trustworthy and accurate.

Data must align with what management expects the report to reflect.

Data must consider management’s attitude toward risk.

Data must be favorable toward risk analysts and risk owners