Chapter 8 in the book and NIST SP800-82 contain the process for conducting a vulnerability and risk assessment. This module, consider the following scenario. You work as a security analyst for Bellevue Public Power District (BPPD). You've been tasked with conducting a vulnerability and risk assessment for their Industrial Control Systems. Before you can begin, you need to write a business plan explaining your recommended actions. As such, it should address the following areas: Business Case (why a security assessment is necessary) Assessment objective (what do you want to achieve as a result of this assessment) Scope of your assessment (what the security assessment will contain and what systems you will be assessing) High-level explanation of your assessment process (how you will conduct the assessment) Information to be gathered (what information do you anticipate getting as a result of this assessment) Resources (tools, personnel, equipment, etc.) you'll need as part of this assessment Assumptions Your report should be three to five pages in length and a Word or PDF document and have proper attention to formatting, spelling, grammar, and punctuation. Don't forget your name, class, and assignment number