Question:
A risk action plan or risk response plan addresses risks to ensure that responses to risk align with business goals and reduce risk to those goals. A key component of a risk action plan is identifying and determining the appropriate response to a specified risk. Senior cybersecurity managers find themselves ensuring that business owners have timely and accurate information to make decisions based on recommended risk response options.
Four risk response options need to be analyzed based on a specific risk:
Risk acceptance
Risk mitigation
Risk transfer
Risk avoidance
Review this scenario:
Imagine your organization has signed a contract with the United States Air Force. Since it is a Department of Defense (DoD) contract, it must meet stringent security and compliance requirements that require a separate network from the organization's network used for standard administrative business functions such as the human resources information system, payroll system, etc.
Based on initial analysis, the organization does not have the employees to design, develop, operate, and maintain the IT network and associated security controls for an isolated network from the business environment.
The longer the organization does not have a secure network for the USAF, the more significant the risk of losing the contract.
Describe your recommended response option.
Explain how this recommendation addresses risks associated with business objectives.
