Wendy Only

Information Technology Responsibility

IT departments in organizations are often expected to define a company's information security policy. Although much of the security that needs to be added into an organization may reside in IT, all of the departments are involved in implementing the policies. • Which department in an organization do you believe should be responsible for the company's information security and why? • What are some advantages and disadvantages of your choice? • What tools would an information security manager need to properly implement the necessary security within an organization?

Orion Strategy Process

Risk management is the process of identifying risks and determining their probability of occurrence and the associated costs. In many organizations, risk management is not emphasized to the extent that best practices might dictate. If a risk has a high probability of occurring and a high cost associated with it, the organization should attempt to mitigate that risk. • What are some of the ways the Orion Strategy Process helps minimize risk? • Why do many organizations choose not to implement this process? • What is one reason the cost and infrastructure overhead of implementing the Orion Strategy Process might be worth the benefits? What is one reason it might not? • Without performing all of the steps within the Orion Strategy Process, suggest another way to achieve similar results.