Decision
Change in IT required
Evaluate possible risk responses ICS ERM