It is an accepted truth that without risk there can be no gain. Every individual and organization must take some risks to succeed. Risk management is not about avoiding risks, but about taking risks in a controlled environment. To do this, one must understand the risks, the triggers, and the consequences.
Instructions
Write a 3-4 page paper in which you:
- Define risk management and information security clearly. Discuss how information security differs from information risk management.
- Explain security policies and how they factor into risk management.
- Describe at least two responsibilities for both IT and non-IT leaders in information risk management.
- Describe how a risk management plan can be tailored to produce information and system-specific plans.
- Use at least two quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources. The Strayer University Library is a good source for resources.
Your assignment must follow these formatting requirements:
- This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the Library site for all support. Check with your professor for any additional instructions.
The specific course learning outcome associated with this assignment is:
- Assess how risk is addressed through system security policies, system-specific plans, and contingency plans.