
Question

Instructions: There are 3 parts in this discussion assignment. Choose and respond to 2 of the 3 parts. Make sure to reply to at least 1 classmate to further the discussion(s). In your reply, you can ask questions, add additional information, or share information.

Part 1: Select a risk management document (SAP, SAR, SSP, etc.) not yet covered or expand upon the topic.

i) Describe it. What type of information is in it? Why is it important? What risk-based decision is made from it?

ii) Who creates, maintains, and approves it? Is it of a one-time, periodic or continuous nature?

iii) Describe any related documents, if any. Which task(s) require/produce it?

iv) On a scale of 1-Very Poor, 2-Poor, 3-Fair, 4-Good, 5-Excellent, assess how well your own organization (or a hypothetical organization) manages/uses it. Explain why.

Part 2: Select a CA, CP, or IA control not yet covered in lecture or posted about this week.

i) Describe the control. Give an example. Is it a common, system-specific, or hybrid control? Is it an operational, technical, management, or privacy control? Is it a preventative, detective, or corrective control?

ii) Describe any related controls, if any. How interdependent are these controls?

iii) Describe at least one control enhancement, if applicable.

iv) Assess if your own organization (or a hypothetical organization) should have this control in place and at what impact level (Low, Moderate, High). Be sure to discuss what selections and assignments the organization may choose and why. For example, an [Assignment: organization-based frequency] may be expressed as 30 days, 3 months, or 1 year.

Part 3: This Week in Risk Management

Each week, we will have a "This Week in Risk Management" discussion about recent and developing issues related to the Risk Management Framework (RMF). This discussion will provide the opportunity to stay 'attuned' to current RMF issues in the news and share at least one event, activity, or development with the class. For example, if NIST posts a new revision of an existing publication, a blogger supports or refutes the value and benefit of the RMF process, or a specific organization has a data breach due to missing or inadequate controls (i.e., Kmart's, Wendy's, or Target's inability to recognize and mitigate the root cause of repeat preventable weaknesses in their point-of-sale (PoS) systems), then these would be shareable stories.

Find an RMF current event, activity, or development in the news. In your post, briefly summarize the event and discuss why it was/is/will be significant. Use any legitimate news source (television, internet, periodicals, etc.) to support your topical input. Questions to address might include:

How does the event relate to issues addressed in class this week?

How might similar situations be mitigated in the future based on your existing knowledge of RMF?

What and how wide is the impact of this event locally, nationally, or globally?

Include APA formatted references and citations so your classmates may read and reply to the story.
