) Consideration of IT risks and risk mitigation policies, plans, and measures. For example, business continuity management, IT security, incident management, and IT asset management. (4) Proper allocation and