Requires reading Chapters 19. Please include page numbers in every in-text cita

Requires reading Chapters 19.
Please include page numbers in every in-text citation.
Please reply to the following:
In chapter 19, Norman discusses the cost-effective metrics and implies to be used as an extra tool in risk management. From the interpretation, the author actually prefers the counter meausre formula rather than this one as it ensure real security. “The only reason to have a security program at all is to prevent the unwanted consequences of not having a security program.”(Norman,2016) If you want the same state of the art security, like the federal goverment has then costs will have to increase. The only problem is thatmost businesses do not recieve big funding, which leads to drawbacks in quality of the countermeasures. However it is a necssary step as you would not want to jeopardize the business by going “broke”. As somone performing a risk assesment they would want to ensure security within the means of the organization; enough. to protect your assets.
Please reply to the following:
The whole purpose of security management is to protect an asset or an organization. Without proper risk analysis, there is no guarantee of safety. For a successful organization, skillful analysis and prevention methods are a necessity. With the advancement in technology, many security programs aid in protecting against unknown threats. Management needs to cater to any circumstances that could cause harm. In doing so, they need to assess the cost of the protection or programs needed to protect the asset. “The security program must be funded adequately so that it can protect the assets of the organization from harm. But in any given year, little harm may occur naturally, and then suddenly in one-year great harm can occur” (Norman, 2016). It is very reckless for an organization to accept risks, either because the likelihood is so low or because the cost of mitigating the risk is very high. “Cost-effective analysis provides a way to consider the gains of an intervention versus the costs and risks, straightforwardly comparing the economic and scientific consequences of any given program” (Jamison, 2006). The cost-Effectiveness Matrix is very important because it illustrates and supports the recommendations both for the baseline security program and for the antiterrorism. Though it is a very large and complicated spreadsheet, it serves as a breakdown of the cost-effectiveness of the asset or organization.