Now that you have explained and classified the threats and vulnerabilities, you will prioritize them using a reasonable approach as explained in the project plan. As you prioritize the identified threats and vulnerabilities, you will need to:
- include both internal and external sources of threats
- consider assessment of exposure to outages
- consider information resource valuation
- indicate which approach you are using and justify your choice
Use this information, along with the threat and vulnerability explanations and risk classifications from the previous steps, to develop the threats and vulnerabilities report.
Compose a two- to three-page report regarding specific threats and vulnerabilities of the technical aspects of the environment. This report will be used in the final vulnerability and threat assessment report.