Orion Strategy Process

Risk management is the process of identifying risks and determining their probability of occurrence and the associated costs. In many organizations, risk management is not emphasized to the extent that best practices might dictate. If a risk has a high probability of occurring and a high cost associated with it. the organization should attempt to mitigate that risk.
What are some of the ways the Orion Strategy Process helps minimize risk? Why do many organizations choose not to implement this process? What is one reason the cost and infrastructure overhead of implementing the Orion Strategy Process might be worth the benefits? What is one reason it might not? Without performing all of the steps within the Orion Strategy Process, suggest another way to achieve similar results.
Reference: Dhillon, G. S. (2018). Information Security: Text and cases (Edition 2.0). Burlington, VT: Prospect Press. Chapter 5, ‘Planning for Information System Security”
PCI Security Standards Council. (2018, May). Payment Card Industry (PCI) Data Security Standard: Requirements and security assessment procedures (Version 3.2.1). Retrieved from https:l/www.pcisecuritystandards.org/document_library