Discussion 13 - Enterprise Risk Management - Initial post
Discussion 1
After reading the article this week, and any other relevant research you locate, please discuss the following:
Please summarize, in your own words, a description of enterprise risk management. Why do you feel ERM is different from traditional risk management?
Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following:
Discussion 2
After reading this week's article, and any other relevant research you locate, please discuss the following in your main post:
· Which case study in the paper was most interesting to you and why?
· Do you think that ERM is necessary in the contemporary organization and why?
Discussion 3
From your research, discuss whether or not your organization has ISO 27001 certification. Outside of overall protection from cyber-attacks, describe, in detail, some other benefits your organization will achieve in obtaining this certification. If your company does not have this certification, how can they go about obtaining it?
Present your discussion post as if you were presenting to senior leaders of your company.
Discussion 4
After reading the article this week, please answer the following two questions.
· What are some of the potential risks involved with cloud computing?
· Does the research and model in this article propose a viable solution to cloud-based risk management?
Discussion 5
The readings this week discuss the broad context of risk and investigative forensics. Part of risk management is understanding that when things go wrong, we need to be able to investigate and report our findings to management. Using this research, or other research you have uncovered, discuss in detail how risk and investigative techniques could work to help the organization. ERM helps to protect an organization before an attack, whereas forensic investigative techniques will help us after an attack, so let's discuss both this week.
Discussion 6
The readings this week expand on investigation and on digital forensic analysis and investigations. Organizations, especially those in the public, health and educational areas, are bound by legal and statutory requirements to protect data and private information; therefore, digital forensics analysis will be very beneficial when security breaches do occur. Using this week's readings and your own research, discuss digital forensics and how it could be used in a risk management program.
Discussion 7
The article on IRB this week discusses broad consent under the revised Common Rule. When you are doing any sort of research you are going to need to have your research plan approved by the University’s institutional review board or IRB. If you have never heard of this term before, please take a look online and find a brief summary of what it is about, before you read the article.
Please answer the following questions in your main post:
· What are the main issues that the article addresses?
· What is the Common Rule?
· How is this issue related to information systems and digital privacy?
Research Paper 1
The reading this week discusses strategy and how ERM can be integrated with an organization’s overall strategy. Prepare a research paper on some of the various issues, protocols, methods, frameworks you found and discuss how – if possible – organizations can use ERM as strategy. It is perfectly acceptable if you deem ERM cannot be used as strategy, just back up your claim with scholarly research and justifications.
Research Paper 2
The required article readings this week give a good discussion of, and look at, some of the frameworks that are used to manage risk within organizations and enterprises. One of the readings this week provided an introduction to and comparison of different frameworks. As with anything, there are going to be strengths and weaknesses to all approaches.
For your week 6 research paper, please address the following in a properly formatted research paper:
· Do you think that the ISO 27001 standard would work well in the organization that you currently or previously have worked for? If you are currently using ISO 27001 as an ISMS framework, analyze its effectiveness as you perceive it in the organization.
· Are there other frameworks discussed in the article that might be more effective?
· Does any other research you uncover suggest there are better frameworks to use for addressing risks?
Research Paper 3
What are baseline security requirements that should be applied to the design and implementation of applications, databases, systems, network infrastructure, and information processing when considering cloud computing within an enterprise risk management framework?
Research Paper 4
Your task this week is to write a research paper discussing the concept of risk modeling. Please also evaluate the importance of risk models. Lastly, construct an approach to modeling various risks and evaluate how an organization may make decisions about techniques to model, measure, and aggregate risks.
Research Paper 5
After reading the required articles this week, please write a research paper that answers the following questions:
· What is mobile forensics, and do you believe that it is different from computer forensics?
· What is the percentage of attacks on networks that come from mobile devices?
· What are challenges to mobile forensics?
· What are some mobile forensic tools?
· Should the analysis be different on iOS vs Android?