According to its definition, Risk Treatment is the process of selecting and implementing measures to modify risk. Risk
treatment measures can include avoiding, optimizing, transferring or retaining risk. The measures (i.e. security measurements)
can be selected from the sets of security measurements that are used within the Information Security Management System (ISMS)
of the organization. At this level, security measurements are verbal descriptions of various security functions that are implemented
technically (e.g. software or hardware components) or organizationally (e.g. established procedures).