Why is identification of risks by listing assets and their vulnerabilities so important to the risk management process?

Part I – Answer the module review questions listed below. These questions were chosen to demonstrate your understanding and help you assess your progress.

What is risk management? Why is identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?
What are the strategies from controlling risk as described in this chapter?
What is a Cost Benefit Analysis?
If an organization has three information assets to evaluate for risk management as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last?
Part II – Suppose XYZ Software Company has a new application development project with project revenues of $1,200,000. Using the following table, calculate ARO and ALE for each threat category that XYZ Software Company faces for this project.