Which term refers to taking appropriate responses to risks to reduce impact?

Taking appropriate actions to address risks in order to lessen their impact is about risk response. After identifying and evaluating risks, you choose and implement measures to reduce either the probability of a threat or the harm it could cause. This is the act of responding to risk—putting safeguards in place, such as applying patches to mitigate vulnerabilities, encrypting data to protect confidentiality, or establishing backups and disaster recovery plans to preserve availability. The other terms don’t describe this reactive and protective action: GDPR is a data privacy regulation, while Data Steward and Data Ownership refer to roles responsible for data governance, not the activities taken to mitigate risk.