critique discussion below


For the DHS document, you should focus on the use of training and doctrine (establishing a specific business process) as a risk management strategy. Discuss the pros and cons of using a single risk management process across all corporate operations. Make sure to explain the risk management process you choose.

Red Clay Renovations is actively engaged in a risk management process that consists of identifying risks, assessing the impact or likelihood of each risk, and determining the right course of action to handle it. The CISO has determined that the closest fit for the level of security required by law for the company's IT systems is the "moderate level" as defined in the FIPS 199/200 standards and specified in NIST SP 800-53 Revision 4. The CIO also reported that the CISO is working with the IT Governance Board to restart the company's security education, training, and awareness (SETA) program. SETA activities had fallen into disuse due to a perceived lack of quality and lack of timeliness (out-of-date materials) (King, 2019).

Risk management is not an end in and of itself; it is designed to be a continuous, fluid process that evolves with the company as threats change or become stronger. It helps a business implement lifecycle steps including planning, preparedness, program evaluation, process improvement, and budget priority development. Establishing the infrastructure and organizational culture to support the execution of Red Clay Renovations' security risk management is a critical requirement for the company and its shareholders. Risk management is essential for leaders in prioritizing competing requirements and enabling comprehensive approaches to measure performance and detail progress ("Risk Management Fundamentals", 2019).

There are many types of risk that businesses face: strategic, compliance, financial, operational, etc. Every business is subject to a variety of risks depending on the industry it is in. Strategic and compliance risks are those risks associated with operating in an industry. Some risks to consider would be merger and acquisition activity, change among customers or in demand, industry change, and research and development. Considering this, the company will have to have a plan to manage those risks to keep its relevance and profitability. Having a variety of processes to assess these risks shows your dedication to the company and stakeholders; neglecting one of these areas could weaken the business ("Manage risk", 2019).

Regarding Red Clay Renovations, the type of risk management best suited for the business is operational risk management. All businesses could benefit from a strong operational risk management process. The risk of loss resulting from inadequate or failed internal processes, people, and systems is high with RCR. Its business model is built around digital automation, or the Internet of Things, for customers' homes. The company must make sure all its internal processes are secured from compromise and security breaches. If someone were to breach the network, it could potentially expose all the company's logs of customer data, leading to privacy invasions and home invasions due to compromised services (Management, 2019).

Since security will always lag behind new technologies and solutions, companies' risk management programs must rely on their employees' ability and inclination to do the right thing to a greater degree than ever before. While these organizations have been successful in force-feeding training and communications, they struggle to maintain that understanding. Most awareness efforts are based on unstated assumptions that do not reflect the implicit cost-benefit analysis that employees go through to decide whether to comply with a policy ("Key Components of a High-Performing Information Risk Management Program", 2019).


Department of Homeland Security. (2019). Risk management fundamentals. Retrieved from

King, V. (2019). Red Clay Renovations Company Profile. Retrieved from

Key Components of a High-Performing Information Risk Management Program. (2019). Retrieved from

Manage risk. (2019). Retrieved from

Management, R. (2019). Operational Risk Management | Enterprise Risk Management. Retrieved from