Please identify the following, focusing on step 4, remediation, in keeping with the focus of the lesson this week. Identify if that security control you are recommending to protect your asset is preventive, detective, or corrective.
1. Asset identification: Identify what might be a personal or business asset (think of something you have at home that you would like to protect, or something that your company has that needs protection).
2. Attacker/threat identification: Who are the likely attackers to that asset? What other threats are there that can negatively impact that asset? Remember that an attacker is always a person with intent, and is only one type of threat – we also have natural disasters, accidents, etc. that are not “attacks” as they don’t have malicious intent behind them.
3. Impact: Identify the impact if the attack or threat was “actualized” (happened). Would there be a monetary loss? Loss of confidence (in the event of a business breach)? Fine (in the event of a loss of PII or PHI)?
4. Remediation: Research and recommend a security control (i.e. firewall, lock on a door, etc.) that can remediate (prevent, detect, correct, etc.) the attack or threat.