• Determine the effectiveness of the risk response after implementation.• Identify how the impact of the risk changes the organization's information system and the landscape in which systems operate.• Risk monitoring also requires organizations to describe how they plan to verify its compliance with various laws and regulations.3. Importance of Risk Management for Business Leaders Business leaders and managers are entrusted with the responsibility of ensuring that due diligence is performed while making decisions for the organization. Having a formal risk management program as part of the organization's information security program provides leaders with adequate process and diligence before making important information security decisions. Risk analysis helps managers decide whether or not to proceed with a new security program, while risk assessment would help determine whether the types of controls to implement (Peltier, 2010). Risk assessment also helps identify countermeasures to mitigate risks, or helps decide whether it is better to accept the risk rather than mitigate it