Identifying Potential Risk, Response, and Recovery Students Name Institutional Affiliation Executive summary This document highlights the possible controls of the earlier identified risks it also looks into the details and recommendations to the CIO of the organization. Each and every organization intends to fulfill their agendas, and in this age, the use of information systems enhances that. Thereby risk management plays a key role in offering protection to the company’s assets. The process requires being viewed as one not just protecting the organization’s information but as an essential function of management of the organization. Malicious threats have proved pricey for organizations to take action against in both attack defense and risk mitigation. The organization faces both internal and external threats. The internet has played significantly in external threats to the organization while it still faces major internal threats. The internal threats pose a great threat for damage. Internally the malware and the conduct of the employees pose a potential risk to the system. I recommend that the organization needs to protect itself against the threats. However, it can be difficult, and the organization needs to create a balance between capability, operational considerations, protection, performance, and cost. Be at the forefront of mitigation strategies lie in between protecting the internet to internal networks boundaries and protecting the environment of computing. Introduction Risk management includes processes of risk assessment, risk mitigation, and risk evaluation. This paper uses the strategy for dealing with the associated risk as risk mitigation.