Saturday, May 25, 2019

Risk Threat Vulnerability

Week 2 Laboratory: Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

* Define the purpose and objectives of an IT risk assessment
* Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure
* Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
* Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
* Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab 4 Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a healthcare provider under HIPAA compliance law and what compliance with HIPAA involves.

1. Given the list below, perform a qualitative risk assessment: determine which typical IT domain is impacted by each risk/threat/vulnerability in the Primary Domain Impacted column.

| Risk / Threat / Vulnerability | Primary Domain Impacted | Risk Impact/Factor |
| --- | --- | --- |
| Unauthorized access from public Internet | LAN WAN | High |
| User destroys data in application and deletes all files | LAN | High |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System / Applications | High |
| Intra-office employee romance gone bad | User Domain | Low |
| Fire destroys primary data center | LAN Domain | High |
| Service provider SLA is not achieved | System / Applications | Low |
| Workstation OS has a known software vulnerability | LAN WAN | Medium |
| Unauthorized access to organization owned workstations | User Domain | High |
| Loss of production data | LAN | High |
| Denial of service attack on organization DMZ and e-mail server | LAN WAN | High |
| Remote communications from home office | | |
| LAN server OS has a known software vulnerability | | |
| User downloads and clicks on an unknown e-mail attachment | | |
| Workstation browser has software vulnerability | | |
| Mobile employee needs secure browser access to sales order entry system | | |
| Service provider has a major network outage | | |
| Weak ingress/egress traffic filtering degrades performance | | |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | | |
| VPN tunneling between remote computer and ingress/egress router is needed | | |
| WLAN access points are needed for LAN connectivity within a warehouse | | |
| Need to prevent eavesdropping on WLAN due to client privacy data access | | |
| DoS/DDoS attack from the WAN/Internet | | |

2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a 1, 2, and 3 next to each risk, threat, vulnerability in the Risk Impact/Factor column. 1 = Critical, 2 = Major, 3 = Minor. Use the following qualitative risk impact/risk factor metrics:

* 1 Critical: a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirement for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
* 2 Major: a risk, threat, or vulnerability that impacts the C-I-A of an organization's intellectual property assets and IT infrastructure
* 3 Minor: a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure

3. Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:

* Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
* Prioritization of critical, major, minor risk assessment elements
* Risk assessment and risk impact summary
* Recommendations and next steps

Week 2 Lab Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

Answer the following Assessment Worksheet questions pertaining to the qualitative IT risk assessment you performed.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" for an identified risk, threat, or vulnerability?
4. When you assembled all of the "1" and "2" and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the "1", "2", and "3" risk elements? What would you say to executive management in regards to your final recommended prioritization?
