The CEO of your selected organization has requested an enterprise security plan from your team. This week you will prioritize the threats and vulnerabilities previously identified, and determine which need attention and which may be left for another time. This is done by determining the probability of the risk and the potential impact it may have on the organization. Your objective is to address the risks with the highest probability of happening, with the highest impact on the organization.
Extend your table from Week Two to include columns for Probability of Risk and Impact of Risk on the organization. Include mitigation steps of the top 20 pairs.
Fill out the final three columns in the table from the previous week.
Rate the probability and impact of each vulnerability-threat pair as High, Medium, or Low. (These are independent of each other.)
Rank the pairs in the order they should be addressed by the organization. (High/High rows will be at the top and Low/Low rows at the bottom.) The team will have to decide where to rank rows which are not at these extremes.
Suggest specific mitigation steps to take for the top 20 rows. You will go into more detail for the final project due in Week Five.
Leave the Suggested Mitigation Steps column empty for rows below the top 20.
Prepare a brief explanation on the final rankings.
- Describe how the team finally ranked the pairs and the reasoning behind the suggested mitigation steps.
- Focus on the top 20 rows, but cover why the others were ranked lower and will not be addressed at this time.
- Keep this explanation brief and clear but informative.