You have just been hired as an information security engineer for a large, multi-international corporation. Unfortunately, your company has suffered multiple security breaches that have threatened customers\' trust in the fact that their confidential data and financial assets are private and secured. Credit card information was compromised by an attack that infiltrated the network through a vulnerable wireless connection within the organization. The other breach was an inside job where personal data was stolen because of weak access control policies within the organization that allowed an unauthorized individual access to valuable data. Your job is to develop a risk management policy that addresses the two security breaches and how to mitigate these risks. Solution Risk management is a structured approach to administering uncertainty and consist of actions obtain to identify, assess, monitor, and reduce the impact of risks to your big business. Risks are events, conditions or circumstances which lead to negative consequences for your business. A good risk management plan with appropriate risk management strategies can minimize costly and stressful problems, and may also decrease insurance claims and premiums. Efficient risk management starts with the recognizing, by every person in the organization, that the effort is main, and that everyone is supposed to uphold that effort. So far the organization has had its security breached on a number of occasions. According to this trouble, the organization has situated a high level of importance on physical and password security and anti-virus and anti- spyware security. It has also make a decision to use 2 layers of firewalls to prevent hackers from getting in. The organization will also use the IDSs and Virtual Private Networks. These steps with the help of employees and staff should help prevent unauthorized intrusions from both internal and external intruders that will take sensitive information from our clients. Management has the ultimate responsibility to manage risks. Control includes making decisions considering which risks are acceptable and how to address those that are not. Those decisions can be made only with the participation of the entire workforce, since each of us understands the risks of his or her own tasks improved than anyone else in the organization..