Employ organization-defined controls by type of denial-of-service to achieve the denial-of-service objective.