Risk matrix
The idea of this activity is introducing the concept of risk analysis of the organization and also to use an abstraction of the risk matrix methodology to make a first analysis of the organization's security context, which will be used to select security scenarios in order to elaborate procedures to the case in the second activity.
Introduction to security procedures
The idea behind this activity is to complement policies revealed previously as preventive strategies along with the development of procedures to be applied during security incidents such as reactive strategies pursuing to mitigate impact of threats once they have been implemented. This activity seeks to abstract the concepts of procedures, training, communications plans, succession plans and arrangement activities in a single dynamic serving as an introduction to the area of incident response developed in the information security literature.