In Humphreys’s (2010) “Information Security Risk Management,” he claims that for a risk assessment to be meaningful to an organization, the “security risks must be considered in a business context, and the interrelationships with other business functions… need to be identified” (p. 1). Incorporating all the facets of the organization into the assessment, in context specific to the organization’s purpose and goals, demonstrations the crucial need for security based on their administrative needs. This initial assessment is also the basis of the security plan, aligning it to organizational processes to prevent any disruptions of business tasks. A seamless union of security management and standard business practice instills motivation within the organization to concentration more on the security plan, driving a successful risk management process. By understanding the internal structure of the organization, risks can be properly identified and explained to the organization, allowing for a more specific, streamlined development for an organization’s risk analysis and management …show more content…
In the current methods of developing a security plan, there is a lot of preparation when building up to a capable plan. All the work done from risk identification to risk analysis. Most of the steps taken while creating a security plan require an almost parallel development to the organization’s mission statement and goals, which is a task a computer still is unable to perform successfully. Instead, organizations should focus on allotting the proper amount of resources for the security team to complete and manage their security plan, so that the security team does not have to try to work around a budget or try to find the least-costly methods to analyze the organization’s security