Problem
There are multiple ways to bring threats and vulnerabilities to light. Standard practices and lessons learned can help us explore known or common threats.
i. Explain the differences in threat, vulnerability, and exploit assessments for information systems and define at least two tools or methods to perform each type.
ii. Describe at least two tools or methods used to implement physical and logical security controls (four in total), then identify the type of security personnel that would be used to implement each and discuss their roles and responsibilities.
iii. Describe three considerations when translating a risk assessment into a risk mitigation plan, then discuss the differences between a risk mitigation plan and a contingency plan.
iv. Explain the two primary goals to achieve when implementing a risk mitigation plan and discuss the mitigation methods for common information system risks.