In Chapter 17 of the Fennelly text, the author discusses the two main categories of managing security risks. The core groups include Mandatory practices (required regulatory standards) and Benchmark (minimum standards used) practices.

For this discussion:

1.) Provide an example of how an organization or business used a Mandatory practice, which led to the prevention of, or mitigated risks and or a threat.

2.) Provide an example of a business or organization that used a Benchmark practice which may have led to a critical incident or increased the risk associated with a potential threat.