A first step to developing an enterprise security plan is to identify the specific vulnerabilities and related risks facing an organization. This list should be fairly exhaustive. Many vulnerability and threat pairs will not make the final cut for remediation, but an organization can only properly prioritize these if it has fully covered all of the risks.
Select any Virtual Organization.
Create a list of 50 information security vulnerabilities with related threats relevant to the organization:
Most vulnerabilities will have more than one related threat.
Cover both physical and logical vulnerabilities.