Assignment: Risk Mitigation and the Organization
As outlined in NIST Special Publication 800-30, the foundation for the development of an effective configuration management program contains both the definitions and the practical guidance necessary for assessing and mitigating risks identified within IT systems. The ultimate goal of such a system is to help organizations to better manage IT-related mission risks, which constitute the net negative impact of the exercise of vulnerabilities, considering both the probability and the impact of their occurrence. Thus, as the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level, risk management is the critical driver in any effective configuration management program.
Discussion Questions
In your post, select and refer to an organization with which you are familiar or can research in substantial detail regarding the tools that are used to mitigate risk in the organization's information security.
What tools are used by the organization in mitigating risk?
Why were the tools chosen?
Do the tools chosen comply with the organization's security policies with regard to risk mitigation?
From the perspective of the organization's INFOSEC personnel, are the tools likely to be successful in risk mitigation? Why?
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.