Select any Virtual Organization.
Create a list of 50 information security vulnerabilities with related threats relevant to the organization:
Most vulnerabilities will have more than one related threat.
Cover both physical and logical vulnerabilities.