For this part of the assignment, you must develop a document that communicates to executive management and stakeholders the importance of implementing a risk management strategy as part of a corporate security program.
You should include the following:
Process for categorizing risks for privacy and security
Importance and value of corporate data and the cost of ownership
Process of risk assessment or analysis
Risk management strategies and countermeasures
Definition of each information security role
Relationship between the information security role and the role of a cybersecurity professional
Length: 4-5 pages
Resources: Minimum of 5 scholarly resources
For this part of the assignment, you must research the contents and guidelines of risk management frameworks, develop a matrix comparing the most popular risk management frameworks, and write a report that interprets your research findings.
Your report should include the following:
1. Matrix comparing popular risk management frameworks. You may use the Risk Management Framework Table in the resources as a guideline (attached file). Popular frameworks include:
National Institute of Standards and Technology (NIST) – Risk Management Framework (SP-800-37 R2)
ISACA Risk IT Management Framework
Value at Risk (VAR) framework
Financial economic theory
SABRE security risk management model for asset management
2. Analysis of the strengths and differences of popular risk management frameworks
Length: 2-3 pages technical report
References: Include a minimum of 5 scholarly resources
– Kosub, T. (2015). Components and challenges of integrated cyber risk management. Zeitschrift für die gesamte Versicherungswissenschaft, 104(5), 615-63
– Virgillito, D. (2015). How to protect critical infrastructure from hackers. CIOInsight Online.
– Weston, H., Conklin, T. A., & Drobins, K. K. (2018). Assessing and re-setting culture in enterprise risk management. Assurances et Gestion Des Risques…