In the first milestone, you identified a recent security incident that took place. There were multiple incidents that were chosen such as Target, OPM, Equifax, Home Depot, and so many more.
In the second milestone, you will access the administrative, physical, and technical controls of the particular company then determine which one of these administrative, physical, and technical controls were not secure and led to the security incident.
This week you will work on Milestone 3. In milestone 3 you are building upon your first two milestones and describe the mitigation strategy, results, etc. on the organization. For example, if you chose Equifax in milestone 1 you introduced your topic, in milestone 2 you described the controls that surrounded the organization, and now in Milestone you will evaluate the results of the security incident. All of these milestones tie into each other as you evaluate the circumstances of the incident and the results.