Part 1: Using the ERM approach to Risk Management explain the following:
What are the four risk treatment (mitigation) methods?
Explain each method and provide an example as it would apply to an organization’s strategy to effectively manage risk.
Identify controls from ISO 27002 and NIST SP 800-53 that would align with each of the mitigation methods you identified in step one.
Explain the control and how it applies to the mitigation strategy.
Explain what a compensating control is.
Describe Operational, Technical and Physical controls and provide examples from ISO 27002 and NIST SP 800-53.
Explain the relationships between the following:
ISO 27002 and ISO 27003
NIST SP 800-53 and NIST SP 800-53A