Do you agree or disagree and WHY?
Enterprise risk management is is the process a business or individual undertakes to plan, organize, control and lead the activities that affect a company's or individual's capital and earnings (Rouse, 2018). ERM, as it's called, is essential in setting up any type of security for yourself or your business, whether that's cybersecurity or physical security it's all necessary to protect information and facilities.
NIST or the National Institute of Standards and Technology Cybersecurity Framework, was created in 2014 after President Obama issued Executive order 13636, which called for NIST to develop a cybersecurity framework that would help mitigate and reduce risk that could potentially effect national and economic security (Lei, 2014).
ISO 27001 - This is the most commonly used standard in the ISO 27000 family and it "specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization (ISO, 2018)."
All three of these are integral pieces to setup a functional and sustainable security system that adheres to necessary standards set up to keep your data and infrastructure safe.
They also aid you in making sure that the steps taken by each individual company or person are taken with the best interest of that individual or company in mind.
Lei Shen1. (n.d.).
Rouse., M. (2018). Enterprise risk management.
ISO. (2018). ISO/IEC 27001:2013.
100 words response ...no references....no citations.