Describe the steps that an organization takes in order to manage information security risks and build a risk matrix.
Reflect on the following in a minimum of 350 words each.
1. Safeguarding Against Security Threats
A reflection is meant to illustrate your understanding of the material and how it affects your ideas and possible practice in the future.
Individuals and organizations today face a variety of security threats. To protect themselves from these threats, they usually take certain protective measures—commonly known as safeguards.
- Select and research three common security threats (e.g., ransomware, phishing) and identify at least two safeguards that can mitigate the risks of each threat. Explain when the safeguards are effective and when they are not. Lastly, describe any disadvantages of the safeguards from the perspective of the IT manager, as well as from that of employees at the organization.
2. GDPR
Access the EU’s General Data Protection Regulation (GDPR) that went into effect on May 25, 2018. Review the requirements of the GDPR. Write a summary of the impact of the GDPR and then create recommendations on data protection for the United States. Consider the following questions as you create your recommendation:
- What protections do European citizens have through the GDPR?
- What are the advantages and disadvantages of the GDPR? Consider the perspectives of consumers as well as businesses.
- Did the GDPR have a global impact? How did it impact US companies?
- What information do companies collect on US citizens, including location information, search history, and social media posts? Think about what someone would know about you if they could see your entire search history.
- Access and read Google’s Privacy Policy. Is there anything in the privacy policy that makes you uncomfortable?
3. Digital Rights Management
- Explain the concept of digital rights management (DRM). Why do organizations use DRM technology to protect intellectual capital? What is a typical DRM application that can be used to manage access to digital content? What are the ethical and legal implications of DRM? What are the overall advantages and disadvantages of DRM?
4. Organizational policies and laws
- As an IT manager, describe how you would use organizational policies; federal, state, and local laws; and ethics to guide how you set up your IT architecture, IT policies, and communications with employees. Express how each of those items will influence your decision-making. When necessary, cite specific policies, laws, or ethical frameworks.
5. Information Security Risks
- Describe the steps that an organization takes in order to manage information security risks and build a risk matrix. What is involved in each step of this process? Use a specific organization in your response.
6. Security Life Cycle Steps
- Explain the differences between the systems development life cycle (SDLC) and the security life cycle. Include both management and non-management IT security positions that perform security life cycle steps and briefly describe their roles.