Description
Within the previous step, the SoW report conveyed a brief overview of the organization’s critical aspects and a list of the organization’s security needs. Now, you are ready to develop a comprehensive work breakdown structure (WBS).This breakdown provides more detail, so you will need to devise examples of procedures you might recommend to your organization. Some examples include a penetration test, baseline analysis, or system logging. Note the tools and techniques to use in conducting a vulnerability assessment to be used later in the project.Using a spreadsheet, create the comprehensive work breakdown structure, including key elements that must be tested and analyzed. Organize the spreadsheet using the elements identified in the SoW from the previous steps and the following:internal threats: personnel, policies, proceduresexternal threats: systems, connectivity, databasesexisting security measures: software, hardware, telecommunications, cloud resourcescompliance requirements: legal aspects (federal, state, and local), contractual demands up and down the supply chain
