Explain two practical guidelines to follow in risk treatment strategy selection.

What will be an ideal response?

- When a vulnerability (flaw or weakness) exists:  Implement security controls to reduce the likelihood of a vulnerability being exploited.- When a vulnerability can be exploited:  Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.- When the attacker's potential gain is greater than the costs of attack:  Apply protections to increase the attacker's cost or reduce the attacker's gain by using technical or managerial controls.- When the potential loss is substantial:  Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.