Using the case study you developed in your Module 3 Discussion Post, answer the following questions as if you were an IT Auditor on the case.

• How would you gather IT asset information?
• What are the assets that you would assess? Create a prioritized asset list based on criticality or functionality. (Feel free to make assumptions based on the case.)
• How would you collect threat information?
• Identify and describe at least three threats to the IT infrastructure.
  • What are the threat agents associated with the threats?
  • Are these threats natural, accidental, or deliberate threats?
  • Describe each threat's impact and likelihood.
• How would you gather and assess vulnerabilities in this case?
• List at least three vulnerabilities described in the case.
• Include the severity and likelihood of compromise for each vulnerability identified.
• The list is known or assumed safeguards in place that reduce the vulnerability's impact or likelihood.
• Include a list of any assumptions you are making.