Discussions

Q1)  Risk in the context of security is the possibility of something bad happening, and the results of the damage if it occurs. Discuss the purpose and benefits of establishing a formal Information Risk Management (IRM) process. 

Q2)  Discuss the importance of Due Diligence and Due Care and how they relate to information systems security. Under what conditions could there be Due Diligence without Due Care?