On page 24 of the , there is an example of a threat /risk assessment which is part of a risk management program. Using one of your previous case-study incidences (each student has a choice to select which incident to write about) please create a threat matrix (See example belowe). Your assessment must include what you feel is the threat to the incident you selected with the following columns:
Asset ID: (select at minimum 4 asset ID’s, for example, People, Process and Software (which become your rows), Vulnerability, Consequence (your rating), Likelihood and Treatment (Mitigation).
Asset ID Vulnerability Consequence Likelihood treatment
Your matrix must be filled out so that a risk assessment/mitigation strategy for identified asset is clearly stated with relevant information.