Sec280 W5

Category: Science and Technology

Date Submitted: 07/27/2014 09:07 PM

Managing risk is an extremely important part of maintaining the public trust in our organization. Our business cannot grow without strong risk management practices: weak policies allowed attackers into the network, one through a vulnerable wireless connection and the other when an unauthorized individual gained access to information because of weak access control policies. These attacks compromised the security of credit card information, and personal data was stolen as a result. Let’s discuss what risk management is and what it involves, which risk management policies can address these security breaches, and how to mitigate these risks.

Risk management is a decision-making process that involves determining what types of security breaches could happen to your business, assessing the impact of a breach if it were to happen, and deciding what you can do to control that impact. This involves identifying the risks in your business. Because we house credit card information and personal data, our business faces multiple risks, so we must complete a risk assessment that analyzes our environment to identify the threats, vulnerabilities, and mitigating actions, and to determine the impact of an event that could affect our business.

Proper risk management requires a strong commitment from senior management, a documented process that supports our organization's mission, an information risk management policy, and a delegated risk management team. Putting these in place will help our organization reach its risk management goals and manage risk effectively. It is important to implement strong risk management policies and to document mitigating actions. Once we’ve identified our company's acceptable level of risk, we need to develop our information risk management policy. The risk management policy should be mapped to the organizational security policies, which lay out the acceptable risk and the role of security as a whole in the organization.

Mitigating or...