Risk Analysis Report “Phishing in a medical office”

Create a risk analysis report for a corporate medical company given these 2 scenarios

1. employee clicks phishing link and reports it and it is a real threat
2. employee clicks phishing link and reports it and it is not a real threat

the report should be structured based off details below

You should provide a systems analysis that fully explains the environment and the success and failure scenarios in sufficient detail for the reader to fully understand the risk and its implications. A simple example would be the use of a password to control access to sensitive information; success would be the protection of the information, failure would be the compromise of the information. Implications would be considerably different if the information compromised was the batting averages of the Little League team you coach versus all of the account information for ten million credit card account holders.

You should provide a detailed scenario description that outlines the possible events and the possible outcomes using the MECE principle. Having identified the scenario possibilities, you should then annotate a probability assessment, a valuation assessment, and a risk assessment.