The document discusses three major types of malicious activities against organizations' information systems: hostile insider activity, theft of private data by insiders or outsiders, and large-scale denial-of-service attacks. It asks the reader to choose one type, describe a modern example for that type along with its organizational impact, and specify the countermeasures taken as well as recommend additional preventative and reactive countermeasures.