Tuesday, October 1, 2019
Risk Threat Vulnerability
Week 2 Laboratory: Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:
* Define the purpose and objectives of an IT risk assessment
* Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure
* Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
* Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
* Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab #4: Assessment Worksheet - Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a healthcare provider subject to the HIPAA compliance law and what compliance with HIPAA involves.

1. Given the list below, perform a qualitative risk assessment: determine which typical IT domain is impacted by each risk/threat/vulnerability in the "Primary Domain Impacted" column.

| Risk – Threat – Vulnerability | Primary Domain Impacted | Risk Impact/Factor |
| --- | --- | --- |
| Unauthorized access from public Internet | LAN – WAN | High |
| User destroys data in application and deletes all files | LAN | High |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System / Applications | High |
| Intra-office employee romance gone bad | User Domain | Low |
| Fire destroys primary data center | LAN Domain | High |
| Service provider SLA is not achieved | System / Applications | Low |
| Workstation OS has a known software vulnerability | LAN – WAN | Medium |
| Unauthorized access to organization owned workstations | User Domain | High |
| Loss of production data | LAN | High |
| Denial of service attack on organization DMZ and e-mail server | LAN – WAN | High |
| Remote communications from home office | | |
| LAN server OS has a known software vulnerability | | |
| User downloads and clicks on an unknown e-mail attachment | | |
| Workstation browser has software vulnerability | | |
| Mobile employee needs secure browser access to sales order entry system | | |
| Service provider has a major network outage | | |
| Weak ingress/egress traffic filtering degrades performance | | |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | | |
| VPN tunneling between remote computer and ingress/egress router is needed | | |
| WLAN access points are needed for LAN connectivity within a warehouse | | |
| Need to prevent eavesdropping on WLAN due to customer privacy data access | | |
| DoS/DDoS attack from the WAN/Internet | | |

2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a "1", "2", or "3" next to each risk, threat, or vulnerability in the "Risk Impact/Factor" column. "1" = Critical, "2" = Major, "3" = Minor. Use the following qualitative risk impact/risk factor metrics:
* "1" Critical – a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirements for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
* "2" Major – a risk, threat, or vulnerability that impacts the C-I-A of an organization's intellectual property assets and IT infrastructure
* "3" Minor – a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure

3. Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:
* Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
* Prioritization of critical, major, and minor risk assessment elements
* Risk assessment and risk impact summary
* Recommendations and next steps

Week 2 Lab: Assessment Worksheet - Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

Answer the following Assessment Worksheet questions pertaining to the qualitative IT risk assessment you performed.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" to an identified risk, threat, or vulnerability?
4. When you assembled all of the "1", "2", and "3" risk impact/risk factor values for the identified risks, threats, and vulnerabilities, how did you prioritize the "1", "2", and "3" risk elements? What would you say to executive management in regards to your final recommended prioritization?
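As an added example (not part of the lab), a small Python risk register that encodes the worksheet's "1"/"2"/"3" scale from step 2 and checks each row's domain against the seven domains before sorting; the domain list, the consequence tags, and the third sample row's domain and impact are assumptions, not the lab's answer key.

```python
from dataclasses import dataclass

# Seven domains of a typical IT infrastructure as commonly enumerated
# (assumption: the worksheet refers to them but does not list them).
SEVEN_DOMAINS = frozenset({"User", "Workstation", "LAN", "LAN-to-WAN",
                           "WAN", "Remote Access", "System/Application"})

CRITICAL, MAJOR, MINOR = 1, 2, 3                  # worksheet scale
IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2}  # tie-break inside a factor

@dataclass
class Finding:
    description: str
    domain: str
    impact: str                          # High / Medium / Low, as in the table
    affects_compliance: bool = False     # privacy-data (HIPAA) obligations
    affects_cia: bool = False            # C-I-A of IP assets or infrastructure
    affects_productivity: bool = False   # productivity/availability only

def risk_factor(f: Finding) -> int:
    """Worksheet rule: compliance -> 1, C-I-A -> 2, otherwise productivity -> 3."""
    if f.affects_compliance:
        return CRITICAL
    if f.affects_cia:
        return MAJOR
    return MINOR

def validate(findings: list[Finding]) -> None:
    """Reject rows whose domain is not one of the seven domains."""
    bad = [f.description for f in findings if f.domain not in SEVEN_DOMAINS]
    if bad:
        raise ValueError(f"not one of the seven IT domains: {bad}")

def prioritize(findings: list[Finding]) -> list[tuple[int, str]]:
    """(factor, description) pairs: Critical first, High impact first within a factor."""
    validate(findings)
    order = lambda f: (risk_factor(f), IMPACT_RANK[f.impact], f.description)
    return [(risk_factor(f), f.description) for f in sorted(findings, key=order)]

# Constructed sample: three rows from the lab table; the tags (and the domain and
# impact of the third row) are illustrative, not the lab's answer key.
SAMPLE = [
    Finding("Intra-office employee romance gone bad", "User", "Low",
            affects_productivity=True),
    Finding("Unauthorized access from public Internet", "LAN-to-WAN", "High",
            affects_compliance=True),
    Finding("LAN server OS has a known software vulnerability", "LAN", "Medium",
            affects_cia=True),
]
```

Running prioritize(SAMPLE) yields the Critical row first and the Minor row last; a row tagged with a domain outside the seven (for example a constructed "Cloud") is rejected before any sorting happens.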