Project 1: Vulnerability and Threat Assessment
Step 2: Create a Scope of Work (SoW)
In this step, you will perform a vulnerability assessment once again as the CISO. Since the previous contractor was an external consultant, you will be able to offer insights and consider the big picture of the organization when conducting the assessment. You will prepare for the assessment by creating a comprehensive list of security needs based on findings from the previous step. This list should identify threats, risks, and vulnerabilities to achieve a holistic view of the risk across the entity.
The scope of work is the key element to any project and important to learn. It should be filed as supplementary documentation for purposes of evaluating execution and directional purposes of meeting milestones of a multiphase comprehensive project plan within the vulnerability assessment. The scope of work will be the first section of the final vulnerability assessment report.
Combine the overview from the previous step with the list of security needs into a one-page SoW report. Submit the report for feedback.
Step 2 Sample SOW
Posted Apr 12, 2023 11:53 PM
Be sure you include an overview of the critical mission assets and use the criteria as level 2 headings in the SOW resource from Step 2:
- description of the scope
- product acceptance criteria
- project deliverables
- project exclusions
- project constraints
- project assumptions