Discussion 1: "Principles for Policy and Standards Development"
Answer the following question
• Select two principles for policy and standards development (accountability, awareness, ethics, multidisciplinary, proportionality, integration, defense-in-depth, timeliness, reassessment, democracy, internal control, adversary, least privilege, continuity, simplicity, and policy-centered security). Examine how these principles would be the same and different for a health care organization and a financial organization.
• Determine which type of organization would have the most difficulty implementing the principles you selected. Support your answer.
Discussion 2: "OCTAVE"
Answer the following question
• From the e-Activity, provide a brief explanation of the Operationally, Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methods. Explain how they are beneficial for organizations developing their IT risk management approaches.
• From the e-Activity, explain how the size of the organization impacts the OCTAVE method utilized. Determine the factors that large organizations, as opposed to small organizations, are most concerned with.
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.