Final answer:
True, mitigation control strategies aim to reduce the impact of a successful attack by planning ahead and being prepared, which involves creating resilience and adapting to available resources and conditions to manage the threat over time.
Step-by-step explanation:
True, the mitigation control strategy indeed aims to reduce the impact of a successful attack through planning and preparation. This is a common approach in both cybersecurity and physical security realms. In practice, it means implementing measures such as emergency preparedness, establishing resilience of critical infrastructure, and developing operational plans that can adapt to resource availability and changing conditions. Such strategies are not intended to eliminate threats completely, as exemplified by the ongoing management of Caulerpa in environmental mitigation, instead they aim to minimize harm and manage the threat continuously.
These plans can be seen as insurance against potential catastrophes. By planning and preparing for worst-case scenarios, we ensure that even if a low-probability event occurs, its potential damage is lessened. This concept parallels the reason why individuals purchase insurance policies: to mitigate against low-probability but high-impact events that could be debilitating.