DQ 1)Based on the Drumheller (2010) article, why would you consider conducting an information security gap analysis on a regular basis as an essential best practice for ensuring enterprise risk management? What are the major factors to consider when conducting an IS gap analysis? Summary These last few weeks, we have had an opportunity to study and hopefully gain a better understanding and appreciation for IT Risk Management and the various topics that comprise this compelling objective

Subject:ManagementPrice: Bought3

Share With

DQ 1)Based on the Drumheller (2010) article, why would you consider conducting an information security gap analysis on a regular basis as an essential best practice for ensuring enterprise risk management? What are the major factors to consider when conducting an IS gap analysis?

Summary

These last few weeks, we have had an opportunity to study and hopefully gain a better understanding and appreciation for IT Risk Management and the various topics that comprise this compelling objective. However, despite all of the well founded ideas, standards and best practices that we have studied and explored, I know that each of us have or will probably at one time been burdened with trying to state a case for improvement and/or in addressing the need for mitigation or remediation. IT risk management is not an easy task and accordingly it requires a certain level of tact, assertiveness and validation.

Please review the preceding referenced web-article, consider the topics that we have been exploring and provide your initial summary on the methodology that you would take if you were leading a CIS Risk Management project team which is dealing with a challenging management team and/or Board. Additionally you are to also review and provide feedback to at least 2 other peers regarding their initial approach.