Watch this video on YouTube
After mapping generic risk scenarios to organizational security policies, the NEXT course of action should be to: