InstructionsWrite a thread containing a thoughtful answer to 1 question. Answer should contain at least 400 words. If necessary, you may list within your thread any concepts on which you need further clarification as well. Also, you must reply to at least 2 threads below. Each reply should contain at least 200 words. Additionally, all posts (thread and replies) should reflect professional writing, current APA standards, include at least 1 scholarly reference (e.g., peer-reviewed journal articles), and integration of at least 1 biblical principle.Thread Question:What is a Pen Test in regards to Information Security?(Answer in at least 400 words)Replies(Reply to each thread in at least 200 words EACH) Thread #1 Risk comparesions and contrasts Collapse All of these are just steps in Risk analysis and dealing with risks. Starting with risk treatment. This is just as how it sounds it is the treatment of the problem. Whether it be selecting or actually doing the treatment it all falls under this step. Unlike the rest, the closest one to the treatment would be risk mitigation but this is more defining the steps of how a company will treat the risk. Risk mitigation is the most broad one because it can be connected to all of them because it is more of a plan instead of step. Authors Chen, Sohal and Prajogo talk about how important it is better to understand this section, “[it is] imperative to obtain a better understanding of the nature of risk which is a premise to developing well-grounded risk mitigation strategies”(Chen et al., 2016). This just goes to show how risk mitigation really falls into the process. Risk avoidance is parallel to treatment because if you can avoid the risk from happing then no treatment is needed and it’s a part of risk mitigation because it can be one of the beginning strategies to try and avoid the problem. This is close to treatment again because you are eliminating things that can cause the risk unlike treatment where you would just be fixing the risk. This Is very different form risk transfer and acceptance because you shouldn’t get to those points if you have avoided it. Risk acceptance is one of the later steps in the process but can also be at the beginning. This is just simply accepting the risk for what it is and what will come from it typically because the company can handle that risk. Risk Transfer is one that any company tries to do. By transfer risk the company can give it to someone else which is the exact opposite of acceptance but can be apart of the treatment or the mitigation of it. Transfer is one that can be connected to a bible verse like, “And my God will supply every need of yours according to his riches in glory in Christ Jesus.”(Philippians 4:19 ESV). We can compare this because God lets us transfer all our risks onto him with our faith. In general, I would say that all of these can be connected in some way whether it be in a comparison or contrasting way.Thread #2Why are data classification systems important?Data classification is the process of organizing data by agreed-on categories. Thoroughly planned classification enables more efficient use and protection of critical data across the organization and contributes to the risk management, legal discovery and compliance processes. To safeguard sensitive data understanding what the data is and how it should be categorized, in terms of where the data will reside, who can access., modify, or delete the data and understanding the consequences if data is leaked in fundamental.There is no one “right” way to design a data classification model and define the data categories. In general, data classification involves tagging data to make it easily searchable and trackable. Labeling or marking is the process of affixing a word, symbol, or phrase on a set of data. The purpose of labeling it o make the readers aware of the level of classification on a set of data. It also eliminates the multiple duplications of data, which can reduce storage and backup costs while speeding up the search process. Handling of the data is also important. Handling guidelines need to be developed for each level of classification. It is important to note, depending on the type of organization, there are regulatory requirements around how data is managed. Requirements may vary depending on the categories of data. Each category must include clear handing guidelines and mandated levels of controls. There are both federal and state rules that might impact an organization. Data classification is important for privacy. A proper data classification allows an organization to apply appropriate controls base on the predetermined category need. Classifying data can save time and money because it an organization can narrow its focus on what important and not put unnecessary controls in place. In its simplest form there are three-levels of data classification can be defended as public data, internal data, and restricted data. Additional, classifications can be applied based on data content. The levels are the foundation the helps an organization improve its security posture by focusing attention, workforce, and financial resources on the data most critical to the business.Policies and procedures should be well-defined, considerate of the security requirements and confidentiality of data types, and straightforward enough that are easy for employees of an organization to understand.The Scripture states that the Word of God should be handled accurately, rightly dividing the Word of truth. Just as data should be handle with care, so much more the God’s Word be handled with care.