Discuss how threat identification should be performed within your organization or university. Should every threat be planned for? Why or why not?
Ward IT Security gives a great beginning step to identify threats in an organization. They are very basic steps, however building off of them would be quite easy for an organization to do. The four steps they present are…
Analyzing and understanding the particular threat portfolio specific to your organization and its operation.
Effectively prioritizing the evaluation of your system vulnerabilities.
Determining how those vulnerabilities may be exploited by a specific threat actor or actions.
Providing a report of findings with detailed information that allows your organization to implement preemptive risk management actions.
I don’t think you can plan for every threat, because not every threat exists right now, and like Ward mentions, threats can be specific to the type of organization you are. A grocery store chain may not have the same vulnerabilities as a bank; and vice versa. The tools may be the same in how we detect, prevent, and mitigate but not necessarily the same philosophy. Threat identification
. WARD IT SECURITY. (2019, April 3). https://warditsecurity.com/threat-
identification/
