Every organization must decide how to respond to risk. Risk response is the actions taken by
management to reduce risk to an acceptable level. Each risk must be assessed individually because organizations do not handle all risks in the same manner.
Management can use several approaches to respond to risk, including risk avoidance, risk mitigation, risk transfer, and risk acceptance.
Answer the following questions:
1. In general, what do you believe is the least attractive risk approach for a small company? Explain your answer.
2. In general, what do you believe is the most attractive risk approach for a government
organization? Explain your answer.
2) You work for a startup mobile application company called BizNess Apps. You are a small company with only 7 employees, 3 of which are developers. You have determined that your cybersecurity posture is non-existent and companies are staying away because of it. Your team decides to use the NIST Cyber Security Framework as the basis for evaluating and gauging your posture. You are going to be responsible for researching and planning one of the five core areas of the framework (Identify, Protect, Detect, Respond, Recover).
For this assignment, pick one of these 5 core areas to research. Discuss how it can be applied to your company. Evaluate at least 10 subcategories under your core and describe what would be required for your company to evaluate to tier 4 in that subcategory.