determined. Technologies and processes to remediate threats should
               be considered and weighted according to their cost and effectiveness.

               Response options should include making adjustments to software
               architecture, altering operations and processes, and implementing
               defensive and detective components.