Vaeda is an information security professional working with the risk management team for a medium-sized manufacturing company. They have spent a great deal of time performing quantitative and qualitative risk assessments. They are now in the risk mitigation phase. What they want to know is how can they ensure that all risk is fully mitigated?