1. Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
2. The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary