ISSC363_Tolbert_L1.docx-Lab #1: Assessment Worksheet Identify Threats
Lab #1: Assessment Worksheet
Identify Threats and Vulnerabilities in an IT Infrastructure
Course Name: ISSC 363
Student Name:
Instructor Name:
Lab Due Date: 19 June 2016
Overview
One of the most important first steps to risk management and implementing a risk
mitigation strategy is to identify known risks, threats, and vulnerabilities and
organize them. The purpose of the seven domains of a typical IT infrastructure is to
help organize the roles, responsibilities, and accountabilities for risk management
and risk mitigation. This lab requires students to identify risks, threats, and
vulnerabilities and map them to the domain that these impact from a risk
management perspective.
Lab Assessment Questions
Given the scenario of a healthcare organization, answer the following Lab #1
assessment questions from a risk management perspective:
1. Healthcare organizations are under strict compliance to HIPAA privacy
requirements which require that an organization have proper security
controls for handling personal healthcare information (PHI) privacy data. This
includes security controls for the IT infrastructure handling PHI privacy data.
Which one of the listed risks, threats, or vulnerabilities can violate HIPAA
privacy requirements? List one and justify your answer in one or two
sentences.
Unauthorized access to organization owned and need to prevent rogue users
from unauthorized WLAN access are vulnerabilities that can violate HIPAA
privacy requirements. Preventing unauthorized access can lead to
unauthorized users gaining access to medical information and PII without the
consent of the patient.
2. How many threats and vulnerabilities did you find that impacted risk within
each of the seven domains of a typical IT infrastructure?
User Domain: User downloads an unknown e-mail attachment, User inserts CDs
and USB hard drives with personal photos, music, and videos on organization
owned computers, Intra-office employee romance gone bad
Workstation Domain: Workstation OS has a known software vulnerability,
Workstation browser has software vulnerability, Unauthorized access to
organization owned Workstations, Loss of production data
LAN Domain: Fire destroys primary data center, Communication circuit outages,
Unauthorized access to organization owned Workstations, LAN server OS has a
known software vulnerability, Service provider has a major network outage
LAN-to-WAN Domain: Hacker penetrates your IT infrastructure and gains access to
your internal network, Weak ingress/egress traffic filtering degrades performance
WAN Domain: Unauthorized access from public Internet, WLAN access points are
needed for LAN connectivity within a warehouse, Need to prevent rogue users from
unauthorized WLAN access
Remote Access Domain: VPN tunneling between remote computer and
ingress/egress router, Remote communications from home office
Systems/Application Domain: User destroys data in application and deletes all files,
Denial of service attack on organization e-mail server
3. Which domain(s) had the greatest number of risks, threats, and
vulnerabilities?
The user domain has the greatest number of risks, threats, and vulnerabilities
because users cannot be controlled, only made aware of the risks.
4. What is the risk impact or risk factor (critical, major, minor) that you would
qualitatively assign to the risks, threats, and vulnerabilities you identified for
the LAN-to-WAN Domain for the healthcare and HIPAA compliance scenario?
Hackers penetrating IT infrastructure is critical because all the medical
information would be available for that hacker. The weak traffic is minor. It
will slow down the network, but that does not mean the medical information
will be available for misuse.
5. Of the three Systems/Application Domain risks, threats, and vulnerabilities
identified, which one requires a disaster recovery plan and business
continuity plan to maintain continued operations during a catastrophic
outage?
The user destroying data in the application and deleting files will require a
disaster recovery plan because that will cause the organization to fail and not
continue with the mission. There needs to be a backup plan in case this were
to occur in an organization.

