Risk management

Part A:

For this part of the assignment, you must develop a document that communicates to executive management and stakeholders the importance of implementing a risk management strategy as part of a corporate security program.

You should include the following:

• Process for categorizing risks for privacy and security
• Importance and value of corporate data and the cost of ownership
• Process of risk assessment or analysis
• Risk management strategies and countermeasures
• Definition of each information security role
• Relationship between the information security role and the role of a cybersecurity professional

Length: 4-5 pages

Resources: Minimum of 5 scholarly resources

Part B:

For this part of the assignment, you must research the contents and guidelines of risk management frameworks, develop a matrix comparing the most popular risk management frameworks, and write a report that interprets your research findings.

Your report should include the following:

1. Matrix comparing popular risk management frameworks. You may use the Risk Management Framework Table in the resources as a guideline (attached file). Popular frameworks include:

• National institute of Standards and Technology (NIST) – Risk Management Framework (SP-800-37 R2)
• ISACA Risk IT Management Framework
• Value at Risk (VAR) framework
• Financial economic theory
• SABRE security risk management model for asset management

2. Analysis of the strengths and differences of popular risk management frameworks

Length: 2-3 pages technical report

References: Include a minimum of 5 scholarly resources

Resources:

- Kosub, T. (2015). Components and challenges of integrated cyber risk management. Zeitschrift für die gesamte Versicherungswissenschaft, 104(5), 615-63

- Virgillito, D. (2015). How to protect critical infrastructure from hackers. CIOInsight Online.

- Weston, H., Conklin, T. A., & Drobins, K. K. (2018). Assessing and re-setting culture in enterprise risk management. Assurances et Gestion Des Risques…