Scenario
Before the risk assessment and gap analysis plan were finalized and implemented, Fullsoft experienced a
malware attack that began when an employee launched an application from a flash drive. As a result,
proprietary information was leaked. The company is now in the process of recovering from this breach.
The chief security officer (CSO) has asked you and your colleagues to participate in a team meeting to
discuss the incident and its potential impact on the company.
Tasks
For this part of the project:
1. Prepare for the meeting by deliberating on the following questions:
▪ What circumstances may have allowed this incident to occur, or could allow a similar
incident to occur in the future?
▪ What insights about risks, threats, and/or vulnerabilities can you glean from reports of
similar incidents that have occurred in other organizations?
▪ What potential outcomes should the company anticipate as a result of the malware attack
and possible exposure of intellectual property?
▪ Which countermeasures would you recommend the company implement immediately to
detect current vulnerabilities, respond to the effects of this and other successful attacks,
and prevent future incidents?
2. Write an outline of key points related to the questions above that the team should discuss at the
meeting.
3. Perform research as necessary.
Required Resources
▪ Textbook for this course : David Kim and Michael G. Solomon, Fundamentals of Information Systems
Security 4th edition, Jones & Bartlett, 2023 (ISBN: 978-1284220735). 
▪ Internet access
Submission Requirements
▪ Format: Microsoft Word (or compatible)
▪ Font: Arial, size 12, double-space
▪ Citation Style: Follow your school’s preferred style guide
▪ Length: 1–2 pages
Self-Assessment Checklist
▪ I conducted adequate independent research for this part of the project.
▪ I created an outline that describes key points the team should discuss at the meeting. My outline
describes:
o Circumstances that may have allowed the malware infection to occur, or could allow a similar
incident to occur in the future
o Insights about risks, threats, and/or vulnerabilities from reports of similar incidents that have
occurred in other organizations
o Potential outcomes of a malware attack and exposure of confidential information
o Countermeasures the company should implement immediately
▪ I created a well-developed outline with proper documentation, grammar, spelling, and
punctuation.
▪ I followed the submission guidelines.