In this Lab #6, you reviewed the article titled “Risk Impact Assessment and Prioritization. ”  You also reviewed the results of the assessments in the table and noted how the risks were categorized and prioritized for the IT infrastructure.  You also reviewed Chapter 9 in our text pg. 226 NIST Control families and pg. 227 Functional Controls.
Please answer the following three questions pertaining to Lab #6:
1. Describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan.
2. Describe the difference between Preventive Controls, Detective Controls and Corrective controls. (Be sure to define each type of functional control in your own words)
3. Provide an overview for any 2 (out of the 18 listed in our text) control families.  Please be sure to mention how each of the 2 controls you identified helps an organization.