Talk:Risk control strategies

Does not seem to reflect a widely accepted standard framework & Terminology
This article seems to be based on the framework & terminology of a single source "Management of information security", rather than a widely accepted standard framework & terminology.

Starting with the title, Risk Control Strategies doesn't sound right, and does not seem to be common in the literature. Risk Management is commonly used, but might be too broad for this article. A surprisingly common terminology is "Risk Mitigation", which is a bit awkward given that Mitigation is one of the approaches/options. Others are "Risk Treatment", "Risk Response", and "Risk Handling"  but not sure those make good titles (unless we preface with the word "Security"); however, perhaps they would work as subtitles for a larger article on "Risk Management".

The breakdown into: Defense, Transferal, Mitigation, Acceptance, Termination does not seem widely accepted, particularly the Termination & Defense (The Termination approach seems rare (at-least as a separate category), and what is termed "Defense" is usually under Mitigate/Reduce/control). The universal 4 seem to be: Transfer, Accept, Avoid, and Mitigate/Reduce/control. Various sources use alternative terms that are alternatives for, or fall under, those 4. (See note for details)

- Yaakovaryeh (talk) 05:40, 31 December 2021 (UTC)