Risk and Incident Response Management

Tomatoes and bananas are not the same as apples and oranges?  According to the Lexico online dictionary, that is untrue.  A true fruit develops from the ovary at the base of a flower and contains the seeds of the plant, so tomatoes and bananas are every bit as much fruits as apples and oranges.  What do tomatoes, oranges and climate change have to do with cyber security?  Climate change is congruent to cyber security threat events initiated by threat sources.  Without governments' support and long-term sustainable solutions for managing climate change, climate change will continue to disrupt the lifecycle of true fruits.  In cyber security, without senior management acknowledgement and a budget for incident response, cyber threats will continue to disrupt the lifecycle of data management.

This blog is not about climate change or true fruits.  It is about the fact that adverse cyber security incidents are becoming the second leading cause of business disruption and lost business income in the 21st century, behind only environmental threat sources.  How do IT security professionals manage data?  The first step in managing and protecting data is data classification, which spans both risk management and security operations.  If users are subject to separation of duties, should risk management and incident handling be subject to separation of duties as well?  Yes: the personnel who assess and accept risk should not be the same personnel who handle the incidents that result, or the incident handlers end up grading their own risk decisions.  Salmon have a natural propensity to swim upstream; companies keep failing to do so.  The function of data management is cyclic.  Ocean temperatures are rising, and cyber security threat actors are going undetected in networks for a median of 78 days (FireEye M-Trends 2019), resulting in substantial data loss.  On October 1, 2019, three Alabama hospitals were debilitated by a ransomware attack, according to Katie Reilly of Time.

The affected DCH Health System facilities were DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center.  Ransomware is not sophisticated malware.  Many employees serve as accidental threat agents and are implicated in threat events.  Hackers had elevated privileges for several hours, days or months, I'm assuming.  "In preparing for battle," Dwight D. Eisenhower said, "I have always found that plans are useless, but planning is indispensable."  What belongs in a risk management plan, and what in an incident response plan?  Risk assessment is as key a component of a risk management plan as chlorophyll is of photosynthesis.  Performing a risk assessment involves subjective relationships (qualitative analysis, which ranks threat events on ordinal scales such as low, moderate and high) and monetized cost-control relationships (quantitative analysis, which puts a dollar figure on expected loss and on the cost of the controls that would reduce it).  The latter determines which threat events are managed and mitigated.  The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30 Revision 1 describes guidelines for assessing information security risk.  Its four pillar steps are (1) prepare for the assessment, (2) conduct the assessment, (3) communicate the results and (4) maintain the assessment, and they align with the incident response phases of NIST SP 800-61: (1) preparation, (2) detection and analysis, (3) containment, eradication and recovery and (4) post-incident activity.  What is the crux of this blog?  A mountain of standards, procedures and tools is available to reduce the impact of risk.  So why does ransomware continue to succeed?
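The claim above that the monetized (quantitative) analysis decides which threat events get mitigated is easier to see worked through.  The Python below is an added example, not code from the original post or from NIST.  It applies the conventional single loss expectancy (SLE = asset value x exposure factor) and annualized loss expectancy (ALE = SLE x annualized rate of occurrence) formulas, which the post itself does not name, to a constructed set of threat events and candidate controls for a hospital-like environment: it ranks events by expected annual loss, funds a control only when its ALE reduction exceeds its annual cost, and includes a simple ordinal screen standing in for the qualitative step.  Every dollar figure, exposure factor, frequency, control cost and qualitative threshold is made up for illustration.

```python
"""Worked quantitative risk assessment: SLE, ALE and control cost-benefit.

Added example, not code from the original post. Formulas are the
conventional ones (SLE = asset value x exposure factor, ALE = SLE x ARO,
control value = ALE reduction minus annual control cost). All numbers
below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ThreatEvent:
    name: str
    asset_value: float       # dollars exposed to this event
    exposure_factor: float   # fraction of asset value lost per occurrence (0..1)
    aro: float               # annualized rate of occurrence (events per year)

    def sle(self) -> float:
        """Single loss expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    ef_reduction: float = 0.0   # fraction by which the control cuts exposure factor
    aro_reduction: float = 0.0  # fraction by which the control cuts frequency


def residual(event: ThreatEvent, control: Control) -> ThreatEvent:
    """The same threat event with the control applied."""
    return replace(
        event,
        exposure_factor=event.exposure_factor * (1 - control.ef_reduction),
        aro=event.aro * (1 - control.aro_reduction),
    )


def control_value(event: ThreatEvent, control: Control) -> float:
    """Net annual benefit of the control; negative means it costs more than it saves."""
    return event.ale() - residual(event, control).ale() - control.annual_cost


def qualitative_level(likelihood: int, impact: int) -> str:
    """Ordinal screen on 1..5 scales. Thresholds are constructed, in the spirit
    of SP 800-30's likelihood-by-impact tables but not copied from them."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on a 1..5 scale")
    score = likelihood * impact
    return "High" if score >= 15 else "Moderate" if score >= 8 else "Low"


def prioritize(events: list[ThreatEvent]) -> list[str]:
    """Threat event names ordered by ALE, highest first: the mitigation queue."""
    return [e.name for e in sorted(events, key=lambda e: e.ale(), reverse=True)]


def decide(event: ThreatEvent, control: Control) -> str:
    """Fund the control only if it pays for itself; otherwise accept or transfer the risk."""
    return "fund" if control_value(event, control) > 0 else "accept/transfer"


# Constructed inventory (illustrative numbers only, not from any real assessment).
EVENTS = {
    "ransomware on clinical systems": ThreatEvent("ransomware on clinical systems", 2_000_000, 0.50, 0.25),
    "lost laptop holding patient records": ThreatEvent("lost laptop holding patient records", 500_000, 0.20, 2.0),
    "flooding of the data centre": ThreatEvent("flooding of the data centre", 5_000_000, 0.80, 0.02),
}
CONTROLS = {
    "ransomware on clinical systems": Control("offline backups with tested restores", 60_000, ef_reduction=0.70),
    "lost laptop holding patient records": Control("full-disk encryption on laptops", 30_000, ef_reduction=0.90),
    "flooding of the data centre": Control("flood barrier and pump system", 120_000, aro_reduction=0.50),
}


def assessment() -> dict[str, str]:
    """Map each threat event to the funding decision for its proposed control."""
    return {name: decide(EVENTS[name], CONTROLS[name]) for name in EVENTS}


if __name__ == "__main__":
    for name in prioritize(list(EVENTS.values())):
        ev, ctl = EVENTS[name], CONTROLS[name]
        print(f"{name}: SLE ${ev.sle():,.0f}  ALE ${ev.ale():,.0f}  "
              f"{ctl.name}: net ${control_value(ev, ctl):,.0f} -> {decide(ev, ctl)}")
```

Run as a script, the ransomware and lost-laptop controls come out with a positive net value and are funded, while the flood barrier costs more per year than the expected loss it prevents and is left to acceptance or insurance.  The ordering is the point: a qualitative screen alone would rank the data-centre flood as severe, but the monetized analysis is what decides where the budget goes.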

Resources:
Blank, Rebecca M. and Gallagher, Patrick D. Guide for Conducting Risk Assessments (NIST SP 800-30 Revision 1). Nvlpubs.nist.gov, Sept. 2012, https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf. Accessed 02 October 2019.
Chrphre. Ordinary]-e-[. 8 July 2011. Flickr, https://www.flickr.com/photos/chrstphre/5915885385/. Accessed 08 May 2019.
Cichonski, Paul, et al. Computer Security Incident Handling Guide (NIST SP 800-61 Revision 2). Nvlpubs.nist.gov, Aug. 2012, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf.
"Dwight D. Eisenhower." Wikipedia, Wikimedia Foundation, 29 September 2019, https://en.wikipedia.org/wiki/Dwight_D._Eisenhower. Accessed 03 October 2019.
Girken, Elisha. "Incident Response Steps Comparison Guide for SANS and NIST." AlienVault, Inc., 22 January 2019, https://www.alienvault.com/blogs/security-essentials/incident-response-steps-comparison-guide. Accessed 02 October 2019.
vz-risk/VCDB, issue 14285. GitHub, https://github.com/vz-risk/VCDB/issues/14285. Accessed 03 October 2019.
"Is A Tomato A Fruit Or A Vegetable?" Lexico Dictionaries / English, Lexico Dictionaries, https://www.lexico.com/en/explore/is-a-tomato-a-fruit-or-a-vegetable. Accessed 01 October 2019.
Nutt, Chris. "M-Trends 2019: Celebrating 10 Years of Incident Response Reporting." Fireeye.com, 04 March 2019, https://www.fireeye.com/blog/executive-perspective/2019/03/mtrends-2019-celebrating-ten-years-of-incident-response-reporting.html. Accessed 04 October 2019.
Reilly, Katie. "3 Hospitals in Alabama Forced to Turn Patients Away After Ransomware Attack." Time.com, 02 October 2019, https://time.com/5690814/alabama-hospitals-ransomware-attack/. Accessed 03 October 2019.
