Thursday, October 24, 2019
Risk Threat Vulnerability
ââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬âââ¬â- Week 2 Laboratory Perform a Qualitative Risk Assessment for an IT Infrastructure Learning Objectives and Outcomes Upon completing this lab, students will be able to: Define the purpose and objectives of an IT risk assessment * Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure * Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template * Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale * Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-complianceLab #4: Assessment Worksheet Perform a Qualitative Risk Assessment for an IT Infrastructure Overview The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a Healthcare provider under HIPPA compliance law and what compliance to HIPPA involves. 1. Given the list below, perform a qualitative risk assessment: Determine which typical IT domain is impacted by each risk/threat/vulnerability in the ââ¬Å"Primary Domain Impactedâ⬠column. Risk ââ¬â Threat ââ¬â VulnerabilityPrimary Domain ImpactedRisk Impact/Factor Unauthorized access from pubic InternetLAN ââ¬â WANHighUser destroys data in application and deletesLANHigh all files Hacker penetrates your IT infrastructure and gains access to your internal network System / ApplicationsHigh Intra-office employee romance gone badUser DomainLow Fire destroys primary data centerLan DomainHigh Service provider SLA is not achieved System / ApplicationsLow Workstation OS has a known softwareLAN ââ¬â WANMedium vulnerability Unauthorized access to organization owned User DomainHigh works tations Risk ââ¬â Threat ââ¬â VulnerabilityPrimary Domain ImpactedRisk Impact/Factor Loss of production dataLANHighDenial of service attack on organization DMZ and e-mail serverLAN ââ¬âWANHigh Remote communications from home office LAN server OS has a known software vulnerability User downloads and clicks on an unknown unknown e-mail attachment Workstation browser has software vulnerability Mobile employee needs secure browser access to sales order entry system Service provider has a major network outage Weak ingress/egress traffic filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers VPN tunneling between remote computer nd ingress/egress router is needed WLAN access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access DoS/DDoS attack from the WAN/Internet 2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a ââ¬Å"1â⬠, ââ¬Å"2â⬠, and ââ¬Å"3â⬠next to each risk, threat, vulnerability in the ââ¬Å"Risk Impact/Factorâ⬠column. ââ¬Å"1â⬠= Critical, ââ¬Å"2â⬠= Major, ââ¬Å"3â⬠= Minor. Use the following qualitative risk impact/risk factor metrics: ââ¬Å"1â⬠Critical ââ¬â a risk, threat, or vulnerability that impacts compliance (i. . , privacy law requirement for securing privacy data and implementing proper security controls, etc. ) and places the organization in a position of increased liability ââ¬Å"2â⬠Major ââ¬â a risk, threat, or vulnerability that impacts the C-I-A of an organizationââ¬â¢s intellectual property assets and IT infrastructure ââ¬Å"3â⬠Minor ââ¬â a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure 3. Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics: * Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure * Prioritization of critical, major, minor risk assessment elements * Risk assessment and risk impact summary * Recommendations and next steps Week 2 Lab: Assessment Worksheet Perform a Qualitative Risk Assessment for an IT Infrastructure Overview Answer the following Assessment Worksheet questions pertaining to your qualitative IT risk assessment you performed. Lab Assessment Questions & Answers . What is the goal or objective of an IT risk assessment? 2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning ââ¬Å"1â⬠risk impact/ risk factor value of ââ¬Å"Criticalâ⬠for an identified risk, threat, or vulnerability? 4. When you assembled all of the ââ¬Å"1â⬠and ââ¬Å"2â⬠and ââ¬Å"3â⬠risk impact/risk fa ctor values to the identified risks, threats, and vulnerabilities, how did you prioritize the ââ¬Å"1â⬠, ââ¬Å"2â⬠, and ââ¬Å"3â⬠risk elements? What would you say to executive management in regards to your final recommended prioritization?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.