A first step to developing an enterprise security plan is to identify the specific vulnerabilities and related risks facing an organization. This list should be fairly exhaustive. Many vulnerability and threat pairs will not make the final cut for remediation, but an organization can only properly prioritize these if it has fully covered all of the risks.
Select any Virtual Organization.
Create a list of 50 information security vulnerabilities with related threats relevant to the organization:
Most vulnerabilities will have more than one related threat.
Cover both physical and logical vulnerabilities.
Place your list in the first two columns of a table in a Microsoft® Word or Excel® document. The table will resemble the following:
| Vulnerability | Threat | Probability | Impact | Suggested Mitigation Steps |
Include approximately 25 pairs involving physical security and approximately 25 involving logical security.
The other three columns will be used next week. Each row in the table should be a specific vulnerability with a related threat, though it is most likely that some vulnerabilities will have more than one possible threat in the table.
