CyberSecurityTips #21: After a threat modelling and a risk assessment what controls should we prioritise?

Control prioritization should be mostly focused on quick wins that fix high-level risks, if something is of high risk and is cheap to fix it should be a no-brainer to do. If there are other choices then those should be evaluated on cost, complexity and how long it is going to take to implement in the organization.