1. Organization (1 page): Create a one-page description of fictitious organization, one that involves you as the leader or CEO. It can be a business or a non-profit or a startup, or anything else you might envision.
2. Incident (1 page): Create a one-page description of a serious cybersecurity incident such as I described here in class today. It can be any type of incident you desire (e.g., DDOS, data breach, etc.)
3. Matrix (1 page): Create a one-page threat asset matrix for your organization as we discussed in last week’s class with assets mapped to threats, and risks estimated for each cell.
4. Justification (Multiple pages): Create a multi-page description justifying your risk estimates. Explain why you picked each probability and consequence value.
5. Investment (1 page): Create a one-page description of how your threat asset matrix priority ranks the most appropriate assets and threats to focus on in any security budget.
6. Improvement (1 page): Create a one-page description of how your investment strategy would reduce the possibility of the incident you described from happening again.