After review of the potential threats and attacks report, the CIO requests that I develop a follow-up plan developing a strategy for dealing with all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Now we will use that report to plan administrative, preventative, detective and corrective actions that will mitigate against the threats we have identified.