The assignment analyzes the information security risk management of Merck & Co., a US-based pharmaceutical company that was affected by a sprawling cyber-attack known as Ransomware in 2017. The paper suggests that Merck should have performed internal and external environment analysis to detect the possible threat, which could have protected the company from the hacking attack. The study also highlights the importance of implementing strategies regarding network security to deal with uncertain problems and sustain the performance of the company.