a) Identify and discuss three concepts you learned from this course? do you see these concepts as beneficial to your day-to-day risk management functions?
b) What did you find most value (assignments, labs, discussion and projects) in this course and why?
Answer preview
The organization needs to follow a specific criterion when dealing with risks and threats. The first step is identification. It involves the process of identifying the organization’s digital assets. It aims to understand information security risks and controls to mitigate risks. Secondly, it’s the protection step that entails safeguarding the organization’s assets from security risks identified in the first step (Shamala et al., 2017). Moreover, the implementation step is initiated. It involves the process of adopting formal policies and data security controls. After implementation, the security control assessment begins. The security controls that the organizations adopt require regular scrutiny to ensure they are within the given standards.
