1. Research risk assessment approaches.
2. Create an outline for a basic qualitative risk assessment plan.
3. Write an introduction to the plan explaining its purpose and importance.
4. Define the scope and boundaries for the risk assessment.
5. Identify data center assets and activities to be assessed.
6. Identify relevant threats and vulnerabilities. Include those listed in the scenario and add to the list if needed.
7. Identify relevant types of controls to be assessed.
8. Identify the key roles and responsibilities of individuals and departments within the organization as they pertain to risk assessments.
9. Develop a proposed schedule for the risk assessment process.
10. Complete the draft risk assessment plan detailing the information above. Risk assessment plans often include tables, but you choose the best format to present the material. Format the bulk of the plan similar to a professional business report and cite any sources you used.