$1.$ Explain Figure $1$: Organization$-$wide Risk Management Approach.

$2.$ Briefly explain two of the items from the preparation list.

$3.$ Provide a reason why you think the risk decisions at Levels $1$ and $2$ can impact the selection and implementation of controls at the System level.

$4.$ Summarize Figure $2$: Risk Management Framework.

$5.$ Briefly explain why the Monitor step is needed. Provide two examples of what the Monitor step should cover.

$6.$ Select one of the $18$ preparation tasks and briefly explain that specific task.

$7.$ Select one associated title $($for example, Head of Agency, Authorizing Official, Business Owner$)$ and identify at least two of their main duties related to the task you selected.

$8.$ Select one associated title and identify at least two of their main duties related to the task you selected.

$9.$ Select one task from Table $1$ on page $28$ and describe how the task could help Acme achieve its goal of creating a robust risk management plan.

$10.$ In the context of the recent PCI$-$DSS audit findings at Acme Corporation, identify a clause that describes the assets requiring protection.

$11.$ Describe the system at Acme Corporation that was audited recently.

$12.$ Describe two controls that could help mitigate the findings in the PCI$-$DSS audit. One control should be in the information system tier and one control should be in the Organization or Mission$/$Business Process level.

$13.$ Describe how the two controls you selected should be implemented.

$14.$ Which Assess task should you follow after completing Task A$-3?$ Specify the code and name of the task from Table $6$ on page $61.$

$15.$ Assume the role of a top$-$level manager. What authorization decision would you make and why?

$16.$ Think about the vulnerability of a lack of account management procedure. Which monitor tasks would you suggest to monitor the implementation of this control and the authorization of the implementation? Who would be the responsible parties for these tasks?

$17.$ Challenge: Identify two vulnerabilities from different organizational levels, such as one vulnerability from Level $3$ and one vulnerability from Level $1$ or $2.$

$18.$ Challenge: Summarize how the RMF steps could have helped Equifax prevent or mitigate the vulnerabilities you identified. Identify at least one step for each vulnerability.