1. What is risk management? The process of identifying risk, as represented by vulnerabilities, to an organization’’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.

Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process? It is a starting point for the next step in the risk management process –– risk assessment.
2. According to Sun Tzu, what two key understandings must you achieve to be successful in battle? Know the enemy and know yourself.
3. Who is responsible for risk management in an organization? Each community of interest has a role to play in managing the risks that an organization encounters.
Which community of interest usually takes the lead in information security risk management? information security community

4. In risk management strategies, why must periodic review be a part of the process? To verify the completeness and accuracy of the asset inventory, review and verify the threats to and vulnerabilities in the asset inventory, as well as the current controls and mitigation strategies. Must also review the cost effectiveness of each control and revisit decisions on deployment of controls. Managers at all levels must regularly verify the ongoing effectiveness of every control deployed.
5. Why do networking components need more examination from an information security perspective than from a systems development perspective? Networking components need more examination from an information security perspective than from a systems development perspective because networking subsystems are often the focal point of attacks against the system.
6. What value does an automated asset inventory system have for the risk identification process? An automated asset inventory system would be valuable to the risk identification