Jean Maurice Rakotoarimanana

Review Questions: Chapter 4

1- What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?

Risk management is the process of identifying vulnerabilities in an organization's information system and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in the organization's information system. It identifies areas of residual risk that may or may not need to be reduced. This mechanism improves the general state of security within an organization.

3- Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?

Everyone, at every level, is responsible for risk management; information security, management, users, and information technology must all work together. Management should take the lead in information security risk management.

4- In risk management strategies, why must periodic review be a part of the process?

A periodic review is the most important aspect when it comes to risk management strategies in the technology world. If companies did not check their systems after implementing them, they would not be effective at fighting off any threats, and that is when they would be most vulnerable. Periodic reviews keep people aware of how the system is running and what changes need to be made to be most efficient....
- Spring '12