On page 24 of the Generic SCADA Risk Management Framework, there is an example of a threat /risk assessment which is part of a risk management program. Using one of your previous case-study incidences (each student has a choice to select which incident to write about) please create a threat matrix (See example below). Your assessment must include what you feel is the threat to the incident you selected with the following columns:
Asset ID: (select at minimum 4 asset ID’s, for example, People, Process and Software (which become your rows), Vulnerability, Consequence (your rating), Likelihood and Treatment (Mitigation).
Asset ID Vulnerability Consequence Likelihood Treatment
Your matrix must be filled out so that a risk assessment/mitigation strategy for identified asset is clearly stated with relevant information. Use link above to assist in answering essay question. Each Row is worth 25 points with a total of 100 points for the entire matrix.