Discussion Post
Discusses the importance of conducting risk assessments (RAs). Darril Gibson defines an RA as a point-in-time report used to compare current risks against the controls that are already in place. Although it is beneficial to conduct an RA often, there are challenges to conducting quantitative RAs. For this discussion, you will consider the benefits and challenges of risk assessments with your peers.
In your initial post:
1) Using the internet, find an example of an adverse IT event that was likely a result of failed risk assessment and planning processes.
2) Consider the following:
a) Would a qualitative or quantitative RA have been more effective in preventing the risk? Why?
b) What controls would have been best to implement? Why?
c) In what ways did senior management's attitude toward risk influence how the RA was conducted?
d) How should the company change its RA in the future to prevent this risk from occurring again?