So, you have identified a risk in your organization or project ... now what?  When a risk is identified there are four strategies you can use to address it.  The strategies can be remembered using the acronym ACAT:

1. Avoid
2. Control
3. Accept
4. Transfer

Cyber security is a two-sided coin; on one side are all of the technical controls needed to maintain security and on the other the operational processes required to manage them.  Just like a coin, both sides need to be in tact for it to be whole.

Unfortunately many organizations dedicate a disproportionate amount of resources to technical controls at the expense of properly managing their operational processes.  It is not uncommon for such organizations to spend large sums of money on the latest technical security gadget only to find themselves getting hacked anyway.