The Idea of what is expected from the outcome is to figure out and follow methods:
list out:
Assets identification
Risk Assessment/ Analysis
Risk identification
Vulnerabilities
Threats, weakness, etc for example maybe those firewalls or router or protection used in the company are even vulnerable….look for that products vulnerabilities, impact, we can search for the product to see how best is the threat management can defend threat, we can grade the products or scale it. if the protection are not up to standard what can we do or propose to the company to tighten up the security. this standard should comply to ISO 27001/2 with other standard from research.
propose a solution , guide etc that fully comply with CISM other practise in the industry.
The book that will guide us to answers is the
CISM attached. then other research to make
up the analysis and final report.