Project 1: Vulnerability and Threat Assessment
Step 6: Prioritize Threats and Vulnerabilities
Now that you have explained and classified the threats and vulnerabilities, you will prioritize them using a reasonable approach as explained in the project plan. As you prioritize the identified threats and vulnerabilities, you will need to:
- include both internal and external sources of threats
- consider assessment of exposure to outages
- consider information resource valuation
- indicate which approach you are using and justify your choice
Use this information, along with the threat and vulnerability explanations and risk classifications from the previous steps, to develop the threats and vulnerabilities report.
Compose a two- to three-page report regarding specific threats and vulnerabilities of the technical aspects of the environment. This report will be used in the final vulnerability and threat assessment report.
Submit the threats and vulnerabilities report for feedback.
Step 5: Classify the Risk of Threats and Vulnerabilities
Throughout this project, you have developed a foundation for the vulnerability and threat assessment by classifying critical organizational aspects, creating a scope of work, and explaining security threats and vulnerabilities. Now, you are ready to classify the organization’s risk according to the relevant data determined in the project plan.
Company demands, management input, compliance requirements, and industry probability of exploitation are all considerations when classifying the risk of threats and vulnerabilities. Based on these considerations for the midsize government contracting group, further clarify the vulnerabilities and threats you have itemized. Explain why each is a vulnerability or threat, as well as why it is relevant to the overall assessment.
Consider continuous monitoring issues as you work through the classification. Use the threat and vulnerability explanations from the previous step and risk classifications from this step to develop the threats and vulnerabilities report.
In the next step, you will prioritize the threats and vulnerabilities you have explained and classified.