Select an organization that you are familiar with or an organization from a published case study.
Find case studies through the following sources or through a faculty-approved source. Suggestions are as follows:
Search within University Library for these periodicals
Information Week
CSO
SC Magazine
The CEO of your selected organization has requested an enterprise security plan from your team. The first step to developing an enterprise security plan is to identify the specific vulnerabilities and related risks facing an organization. This list should be fairly exhaustive. Many vulnerability and threat pairs will not make the final cut for remediation, but an organization can only properly prioritize these if it has fully covered all of the risks.
Create a list of 30 information security vulnerabilities with related threats relevant to the organization. Keep in mind:
Most vulnerabilities will have more than one related threat.
Cover both physical and logical vulnerabilities.
Place your list in the first two columns of a table in a Microsoft Word or Excel document. The table will resemble the following:
|
Vulnerability
|
Threat
|
Probability
|
Impact
|
Suggested Mitigation Steps
|
|
|
|
|
|
|
|
|
|
|
|
|
Include at least 15 vulnerabilities in your list involving physical security and at least 15 involving logical security.
Note: The other three columns will be used next week. Each row in the table should be a specific vulnerability with a related threat, though it is most likely that some vulnerabilities will have more than one possible threat in the table.