*4.1.3 Mitigation capacity*

This is called countermeasures. The capability of mitigation (that is, capacity of mitigation) usually apply to technologies for securing, identifying and responding to a particular form of threat but also could mean the security skills, know-how and processes of an enterprise. Assessing the current expertise will help decide whether additional resources are required to minimize a threat. For instance, there could be an initial degree of security against typical malware attacks if there is company-grade Anti-Viruses (AV). To compare the current AV signals with other detection capacities, for example, the security expert can decide if there is a need to invest more. This is centered on preventive measures. This involves analysis of current application cyber attacks, managing the damages done, and fortifying system security.
