d. Risks: Unauthorized Access to Sensitive Data Disruption of Online Services Damage to Reputation due to Security Incidents There are 4 techniques for controlling the risk which is as follows: Acceptance: risk is acknowledged but no action is taken Transference: risk is transferred to a third party, but needs to pay a premium to the third party Avoidance: Identify the risk but do not act on the activity from where the risk may occur. Mitigation: Take a few mitigation techniques such as disaster recovery, business continuity, and others to reduce the risk. You need to state clearly what approach you want to choose for controlling the three identified risks above