Once we have identified, categorized, and prioritized the threats to our software system, we can produce approaches that document how we want to respond to the threats. In the Software risk management section of Chapter 2, Software Architecture in an Organization, we discussed software risk management in the context of project management and delivering a software application. The different risk management options can also be applied to the context of security threats. As a response to a security risk, we can avoid the risk, transfer the risk to another party, accept the risk, or mitigate the risk.