1. Why is a threat assessment so important to an organization?
2. What are some key steps an assessor should take before performing a vulnerability assessment? In other words, what should be reviewed first, and why.
3. Explain your understanding of a continuous monitoring program; why it should be implemented; andhow would it help the overall risk management program.
4. Explain why a penetration assessment is valuable. What benefits can be derived from performing these assessments periodically? Why?