Choose one of the policy implementation documents from this week’s readings: (a) DHS Risk Management Fundamentals or (b) DoD Cybersecurity Culture and Compliance Initiative.
Using your selected policy implementation document (DHS or DoD), prepare a two-page briefing paper (5 to 7 paragraphs) for the senior leadership and Red Clay Renovations corporate board. Provide specific information about “the company” as appropriate for your briefing content.
In your briefing paper, you should address how this type of policy implementation document can be used to support implementation of specific risk management strategies.
For the DHS document, you should focus on the use of training and doctrine (establishing a specific business process) as a risk management strategy. Discuss the pros and cons of using a single risk management process across all corporate operations. Make sure to explain the risk management process you choose.
For the DoD document, you should focus on the use of “culture shift” as a risk management strategy. Discuss the pros and cons of using “culture shift” and “individual responsibility / accountability” as a risk management strategy.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
Health & Human Services. (2016). Basics of risk analysis and risk management. Retrieved from http://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/riskassessment.pdf
CESG. (2015). Reducing the cyber risk in 10 critical areas. Retrieved from https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/395716/10_steps_ten_critical_areas.pdf
Evans, B. (2015, June 19). Key components of a high-performing information risk management program. Security Intelligence. Retrieved from http://securityintelligence.com/key-components-of-a-high-performing-information-risk-management-program/
National Institute of Standards and Technology. (2011). Managing information security risk: Organization, mission, and information view. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
Department of Homeland Security. (2011). Risk management fundamentals. Retrieved from https://www.dhs.gov/xlibrary/assets/rma-risk-management-fundamentals.pdf
Department of Defense. (2015). Department of Defense cybersecurity culture and compliance initiative (DC3I). Retrieved from http://www.defense.gov/Portals/1/Documents/pubs/OSD011517-15-RES-Final.pdf