Exploration should include how security controls work to reduce or mitigate the risks to an asset(s) through methods that are designed to help accomplish the goal.

Security controls include those that are