Step 5: Security Weakness Assessment
From the information that you gathered in Steps 2, 3, and 4, develop a two-page summary of your organization’s security weaknesses. Identify threats, risks, and vulnerabilities to achieve a holistic view of risk across the entity.
Consider areas that should be improved from a technology perspective, a people perspective, and a policy perspective. Also note potential risks associated with maintaining the current security posture. You will reference this security assessment later when you make your business case and final recommendation.