You have been hired by a large public university as the lead of IT security. The university has adopted Microsoft technologies for most of the IT applications. The Chief Information Officer has asked you to create a process for IT security risk assessment reviews for all IT purchases. Respond to the following questions:
> What are some key activities that managers need to be mindful of when creating a risk assessment policy?
> How would you start a ground up risk assessment process? Who should be involved?
> What will you need to review all applications purchased for IT?
Need 3 pages with peer-reviewed citations. No introduction or conclusion needed.