Ideally, responses to risks should be designed to protect the confidentiality, integrity, and availability of systems, networks, services, and data, while also ensuring the usability of these measures ...