Discussion Post
• Discuss what are the factors that an organization should consider when determining the scope for establishing security control testing requirements
• Discuss two of the barriers to establishing an effective security test plan that provides an organization the ability to assess the effectiveness of the set of controls in use.
• Compare and contrast the NIST definition of risk contained in NIST Interagency Report (NISTIR) 7298, revision 2), sourced from FIPS 200, with Paul Hopkin's preferred definition of risk: "An event with the ability to impact (inhibit, enhance or cause doubt about) the effectiveness and efficiency of the core processes of an organization." Which definition do you think is better and why?
The response should include a reference list. Using one-inch margins, Times New Roman 12 pnt font, double-space and APA style of writing and citations.