Penetration Testing - Threats, Attacks, and Vulnerability Assessment
Threats, Attacks, and Vulnerability Assessment Template
Page 2 of 2
Threats, Attacks, and Vulnerability Assessment Template
Instructions: Replace the information in brackets [ ] with information relevant to your project.
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests. Take on the role of a Cyber Security Threat Analyst for the approved organization you chose. Research the following information about the organization you chose and complete the Threats, Attacks, and Vulnerability Assessment template.
[Organization Name/Description]
Assessment Scope
What are the tangible assets included? (Must include virtualization, cloud, database, network, mobile, information systems.) Identify all information systems, critical infrastructure, and cyber-related interests and combinations that will be assessed. Also, describe information systems, critical infrastructure, and cyber-related interests which will not be assessed and explain why.
[Response]
System Model
A diagram and descriptions of each asset included in the assessment scope.
[Diagram here or attached]
[Response]
Existing Countermeasures
Describe existing countermeasure already in place.
[Response]
Threat Agents and Possible Attacks
Define 12 to 15 threat agents and possible attacks.
[Response]
Exploitable Vulnerabilities
Identify 7 to 9 exploitable vulnerabilities.
[Response]
Threat History/Business Impact
|
Threat History Events |
Duration |
Business Impact |
Threat Resolution |
|
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
Risks and Contingencies Matrix
|
Risk |
Probability |
Priority |
Owner |
Countermeasures/Contingencies/Mitigation Approach |
|
[Response] |
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
[Response] |
|
[Response] |
[Response] |
[Response] |
[Response] |
[Response] |