ABSTRACT
This chapter examines practical steps that can be taken to monitor security threats and assess vulnerabilities on an ongoing basis. Managers and practitioners are encouraged to continuously monitor threats and learn about new and evolving threats. Likewise, vulnerabilities will change as organizations change, including outside contractors, suppliers, business partners, and customers. As those organizations change, they can introduce new vulnerabilities just as easily as they can reduce or eliminate old vulnerabilities. It explains how to establish and maintain a list of individuals or organizations that may pose a threat to security and monitor their activity, and the type of individuals or groups that can be threats to the organization. The chapter reviews straightforward methods of evaluating vulnerabilities, and events in an organization and related organizations that make it advisable to reexamine vulnerabilities that may be caused by events that change organizations. It discusses sources of information on security threats and vulnerabilities.
