**2. Overview and investigation of existing information risk management systems and their mitigation controls**

Throughout this chapter, we define a risk mitigation control to be a measure which could reduce the current or potential degree of risk. Although the degree of risk is evaluated in various aspects and from different points of view, and each mitigation control has its own properties, characteristics, and merits, the overall process of risk mitigation can be summarized in several similar steps. In this section, we will see some risk evaluation and management methodologies.
