Please respond to the initial discussion questions below and provide different r

Please respond to the initial discussion questions
below and provide different responses for the two students (John and Heather) posts
below. The format should look like the request below. Again, please provide
three different responses. PLEASE MAKE SURE THERE ARE 3 DIFFERENT RESPONSES. The
INITIAL and the 2 STUDENTS. PLEASE DO NOT JUST RESPOND TO THE 2 STUDENT
RESPONSES
Week 6 Discussion
Who is responsible for Risk Management in an organization? Which community of interest usually takes the lead in information asset risk management? Which community of interest usually provides the resources used when undertaking information asset risk management?
John’s post:
Risk management is an aspect of an organization that needs to be adopted and understood by all. Different parts of a business can be exposed to risks. Such as project teams and IT security teams. Risk management is the management of potential risks along with its mitigation. Risks need to be understood and assessed to see their likelihood of it occurring and then move from there. In terms of information being vulnerable, a security lead such as a CISO or Information security manager needs to be aware of risks. Furthermore, an environment needs to be assessed and their level of impact needs to be understood in order for appropriate action to occur.
Heather’s post:
Management is responsible for identifying and controlling the risks an organization encounters; while at the same time, everyone is responsible in different ways. Together the InfoSec, IT, and General management and users communities of interest assume responsibility for managing risks in an organization. When it comes to taking the lead in information asset RM, senior and executive management work with the CISO in a unified governance to develop and enable the an effective risk management implementation. The governance group will often start allocating the needed resources to support the RM program development and implementation once the policy has been developed or concurrently while it is in development. This is normally a multi-phase effort, starting with enough resources to support the framework design then providing supplemental support through implementation and execution.