This document presents a student's solution to an Information Security Policy Management assignment. The assignment addresses key areas such as disaster recovery planning, including conducting an asset inventory, performing risk assessments, defining recovery objectives, and selecting appropriate tools and techniques. It also explores the use of outsourcing for risk transference, specifically examining the advantages and disadvantages of using Amazon Web Services (AWS) for cloud storage and the transfer of security responsibilities. The assignment further delves into the comparison of risk treatment processes as defined by ISO 27005 and NIST 800-39, highlighting their approaches to selecting security measures for risk reduction, retention, avoidance, and transfer. The solution includes references to relevant academic sources.
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
