Mitigating Controls for Risk Management