On page 24 of the Generic SCADA Risk Management Framework, there is an example of a threat /risk assessment which is part of a risk management program. Using one of your previous case-study incidences (each student has a choice to select which incident to write about) please create a threat matrix (See example below). Your assessment must include what you feel is the threat to the incident you selected with the following columns:
Asset ID: (select at minimum 4 asset ID’s, for example, People, Process and Software (which become your rows), Vulnerability, Consequence (your rating), Likelihood and Treatment (Mitigation).
Asset ID Vulnerability Consequence Likelihood Treatment