The discussions should be in APA format, including references, and between 350 and 400 words. A PDF version of the chapters is attached.
1) Chapter 7 discusses situational awareness. Much of the security effort of the past has been centered around prevention and protection. The increasing sophistication of cyber attacks has shown that no controls are 100% effective, and some compromises do occur. There is a rising realization that, in addition to prevention and protection, controls that address detection and response are necessary to improve security posture. Please describe how situational awareness is a driver for detection and response controls.
2) Chapter 18 presented special risk management issues with Blue Wood Chocolates, and Chapter 19 presented various financial risks at Kilgore Custom Milling. If Blue Wood Chocolates and Kilgore Custom Milling are to develop a risk management framework, who should lead the process at each company? Should a Chief Risk Officer (CRO) be appointed? If so, to whom should he/she report, and to whom should he/she have access? How could smaller companies without the resources for a dedicated CRO deal with ERM? What is the role of the board in such a process?