Risk matrix
The idea of this activity is to introduce the concept of risk analysis and use an abstraction of the risk matrix methodology to conduct an initial analysis of the organization's security context, which will then be used to select security scenarios for developing relevant procedures in the second activity.
Introduction to security procedures
The idea behind this activity is to complement the policies developed previously as preventive strategies with the development of procedures to be applied during security incidents as reactive strategies aimed at mitigating the impact of threats once they have materialized. This activity seeks to bring together the concepts of procedures, communications plans, succession plans and preparatory activities in a single dynamic that serves as an introduction to the area of incident response in information security.