Assignment
Organizational risk management policy does not occur in a vacuum; rather it is the result of perception, experiences, and governmental mandates, which all comprise the risk environment of the organization.
Thus, before we can analyze the role which policy plays in risk management, we must understand its context.
Discussion Question
Consider the IT infrastructure of an organization and discuss the following key roles involved in the task of risk assessment:
Senior management.
IT management.
Functional management and employees.
Contractors and vendors.
Laws and regulations.
Each role could be discussed in the context of a different organization with its existing IT infrastructure. If looking at an actual organization is not possible, consider a scenario with a typical IT infrastructure.