Taking into accord factors such as risk, level of vulnerability, need of security in the business, and the projected budget; recommendations should be constructed to ensure that there is a potential plan to execute mitigating steps against the identified vulnerabilities.