
Wednesday, January 23, 2019

Risk Threat Vulnerability

Week 2 Lab: Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

* Define the purpose and objectives of an IT risk assessment
* Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure
* Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
* Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
* Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab 4 Assessment Worksheet: Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a healthcare provider under HIPAA compliance law and what compliance with HIPAA involves.

1. Given the list below, perform a qualitative risk assessment. Determine which typical IT domain is impacted by each risk/threat/vulnerability and enter it in the Primary Domain Impacted column.

| Risk / Threat / Vulnerability | Primary Domain Impacted | Risk Impact/Factor |
|---|---|---|
| Unauthorized access from public Internet | LAN WAN | High |
| User destroys data in application and deletes all files | LAN | High |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System / Applications | High |
| Intra-office employee romance gone bad | User Domain | Low |
| Fire destroys primary data center | LAN Domain | High |
| Service provider SLA is not achieved | System / Applications | Low |
| Workstation OS has a known software vulnerability | LAN WAN | Medium |
| Unauthorized access to organization owned workstations | User Domain | High |
| Loss of production data | LAN | High |
| Denial of service attack on organization DMZ and email server | LAN WAN | High |
| Remote communications from home office | | |
| LAN server OS has a known software vulnerability | | |
| User downloads and clicks on an unknown e-mail attachment | | |
| Workstation browser has software vulnerability | | |
| Mobile employee needs secure browser access to sales order entry system | | |
| Service provider has a major network outage | | |
| Weak ingress/egress traffic filtering degrades performance | | |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | | |
| VPN tunneling between remote computer and ingress/egress router is needed | | |
| WLAN access points are needed for LAN connectivity within a warehouse | | |
| Need to prevent eavesdropping on WLAN due to customer privacy data access | | |
| DoS/DDoS attack from the WAN/Internet | | |

2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a 1, 2, or 3 next to each risk, threat, or vulnerability in the Risk Impact/Factor column. 1 = Critical, 2 = Major, 3 = Minor. Use the following qualitative risk impact/risk factor metrics:

* 1 Critical: a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirement for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
* 2 Major: a risk, threat, or vulnerability that impacts the C-I-A of an organization's intellectual property assets and IT infrastructure
* 3 Minor: a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure

3. Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:

* Purpose of the risk assessment and summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
* Prioritization of critical, major, and minor risk assessment elements
* Risk assessment and risk impact summary
* Recommendations and next steps

Week 2 Lab Assessment Worksheet: Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

Answer the following Assessment Worksheet questions pertaining to the qualitative IT risk assessment you performed.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" for an identified risk, threat, or vulnerability?
4. When you assembled all of the "1", "2", and "3" risk impact/risk factor values for the identified risks, threats, and vulnerabilities, how did you prioritize the "1", "2", and "3" risk elements? What would you say to executive management in regard to your final recommended prioritization?
