Risk Threat Vulnerability

- Week 2 laboratory put to death a Qualitative Risk Assessment for an IT stand Learning Objectives and Outcomes Upon complemental this lab, students will be able to Define the purpose and objectives of an IT put on the line mind * Align identified lay on the lines, threats, and vulnerabilities to an IT bump assessment that encompasses the seven domains of a typic IT stem * Classify identified trys, threats, and vulnerabilities according to a soft take a chance assessment template * Prioritize classified risks, threats, and vulnerabilities according to the defined soft risk assessment scale * Craft an executive stocky that shell outes the risk assessment findings, risk assessment dissemble, and recommendations to remediate aras of non- accord research lab 4 Assessment Worksheet commit a Qualitative Risk Assessment for an IT Infrastructure Overview The following risks, threats, and vulnerabilities were assemble in an IT infrastructure. Consider the scenario of a Hea lthcare provider under HIPPA compliance law and what compliance to HIPPA involves. 1. Given the list below, perform a qualitative risk assessment Determine which typical IT domain is impacted by each risk/threat/ exposure in the Primary vault of heaven Impacted column. Risk Threat VulnerabilityPrimary Domain ImpactedRisk Impact/ chemical element unauthorized entrance from pubic InternetLAN WANHighUser destroys entropy in application and deletesLANHigh every files plug penetrates your IT infrastructure and gains access to your internal communicate frame / ApplicationsHigh Intra-office employee romance bygone badUser DomainLow Fire destroys primary data centerLan DomainHigh Service provider SLA is not achieved System / ApplicationsLow Workstation OS has a known softwareLAN WANMedium exposure Unauthorized access to system owned User DomainHigh workstations Risk Threat VulnerabilityPrimary Domain ImpactedRisk Impact/Factor Loss of production dataLANHighDenial of service attack on organization demilitarized zone and e-mail master of ceremoniesLAN WANHigh Remote communications from home office LAN server OS has a known software vulnerability User downloads and clicks on an unknown unknown e-mail attachment Workstation browser has software vulnerability Mobile employee needs secure browser access to sales orderliness entry system Service provider has a major network outage Weak ingress/egress traffic filtering degrades performance User inserts CDs and USB firm drives with personal photos, music, and videos on organization owned estimators VPN tunneling between remote computer nd ingress/egress router is needed WLAN access points are needed for LAN connectivity within a warehouse Need to block eavesdropping on WLAN due to customer privacy data access DoS/DDoS attack from the WAN/Internet 2. Next, for each of the identified risks, threats, and vulnerabilities, rank them by listing a 1, 2, and 3 succeeding(a) to each risk, threat, vulnerability i n the Risk Impact/Factor column. 1 = Critical, 2 = Major, 3 = nonaged. Use the following qualitative risk impact/risk figure metrics 1 Critical a risk, threat, or vulnerability that impacts compliance (i. . , privacy law requirement for securing privacy data and implementing proper security controls, etc. ) and places the organization in a put of increased liability 2Major a risk, threat, or vulnerability that impacts the C-I-A of an organizations intellectual property assets and IT infrastructure 3Minor a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure 3. Craft an executive summary for management using the following 4-paragraph format.The executive summary must address the following topics * Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found passim the IT infrastructure * Prioritization of critical, major, minor risk assessment elements * Risk assessment and risk impact s ummary * Recommendations and next steps Week 2 Lab Assessment Worksheet Perform a Qualitative Risk Assessment for an IT Infrastructure Overview Answer the following Assessment Worksheet questions pertaining to your qualitative IT risk assessment you performed. Lab Assessment Questions & Answers . What is the goal or objective of an IT risk assessment? 2. wherefore is it difficult to conduct a qualitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning 1 risk impact/ risk factor value of Critical for an identified risk, threat, or vulnerability? 4. When you assembled all of the 1 and 2 and 3 risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the 1, 2, and 3 risk elements? What would you say to executive management in regards to your final recommended prioritization?