1. Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.

2. The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS),