Chapter one

1. In your own words, what is risk management?

Risk management is the process a company goes through to define the organization's assets, threats and vulnerabilities and devise ways to protect them. According to Roper, the importance of risk management as a single function for an organization is becoming increasingly understood at the upper levels of corporate management (Roper, 1999). Furthermore, CEOs, COOs, and CFOs everywhere know that every decision will have pros and cons and involve some degree of risk (“Risk Management,” n.d.). According to the Best Practices website: “Effective risk management offers far-reaching benefits to all organizations and enables them to keep the business profitable and the organization running.” The benefits of risk management will include:

• Better basis for strategy setting
• Improved service delivery
• Greater competitive advantage
• Less time spent fighting fires and fewer unwanted surprises
• Greater likelihood of implementation of change initiatives
• Greater internal focus on doing the right things correctly
• More efficient use of resources
• Reduced waste and fraud and better value for money
• Better innovation
• Better management of contingent and maintenance activities

Today there are several strategies and models to help companies perform risk management at the organizational level. The security professional is also tasked with acquiring the skills of a risk manager, and this adds new layers to the job.

2. Risk management is said to be a systemic approach. What are the benefits of using a systems approach in the risk management process?

The need for an organization to protect its assets is critical to the survival of the organization. A process of “…… half the paper…….

In the security field there are many consultants and consultancy firms that will provide this type of service.
Even in organizations that have an internal security expert, periodic assessments by an external auditor are often recommended, but regardless of the source, periodic assessments must be carried out and, in turn, the security manager must be prepared to use all the resources available to create a proactive and reactive defense strategy. Since numerous automated and non-automated methods are employed, the security manager must stay abreast of known and emerging threats and countermeasures if he or she is to be prepared to protect the organization's interests. Ongoing education, research and periodic risk assessments will all play a role in the success of a comprehensive information security package and effective management practices.