Week 2 Laboratory: Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes

After completing this lab, students will be able to:

* Define the purpose and objectives of an IT risk assessment
* Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of the IT infrastructure
* Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
* Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
* Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab #4: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a healthcare provider under HIPAA compliance law and what compliance with HIPAA involves.

1. Given the list below, perform a qualitative risk assessment: Determine which typical IT domain is impacted by each risk/threat/vulnerability in the "Primary Domain Impacted" column.

| Risk - Threat - Vulnerability | Primary Domain Impacted | Risk Impact/Factor |
|---|---|---|
| Unauthorized access from public Internet | LAN-WAN | High |
| User destroys data in application and deletes all files | LAN | High |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System / Applications | High |
| Intra-office employee romance gone bad | User Domain | Low |
| Fire destroys primary data center | LAN Domain | High |
| Service provider SLA is not achieved | System / Applications | Low |
| Workstation OS has a known software vulnerability | LAN-WAN | Medium |
| Unauthorized access to organization owned workstations | User Domain | High |
| Loss of production data | LAN | High |
| Denial of service attack on organization DMZ and e-mail server | LAN-WAN | High |
| Remote communications from home office | | |
| LAN server OS has a known software vulnerability | | |
| User downloads and clicks on an unknown e-mail attachment | | |
| Workstation browser has software vulnerability | | |
| Mobile employee needs secure browser access to sales order entry system | | |
| Service provider has a major network outage | | |
| Weak ingress/egress traffic filtering degrades performance | | |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | | |
| VPN tunneling between remote computer and ingress/egress router is needed | | |
| WLAN access points are needed for LAN connectivity within a warehouse | | |
| Need to prevent eavesdropping on WLAN due to customer privacy data access | | |
| DoS/DDoS attack from the WAN/Internet | | |

2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a "1", "2", and "3" next to each risk, threat, vulnerability in the "Risk Impact/Factor" column. "1" = Critical, "2" = Major, "3" = Minor. Use the following qualitative risk impact/risk factor metrics:

* "1" Critical - a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirement for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
* "2" Major - a risk, threat, or vulnerability that impacts the C-I-A of an organization's intellectual property assets and IT infrastructure
* "3" Minor - a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure

3. Craft an executive summary for management using the following 4-paragraph format.
The executive summary must address the following topics:

* Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
* Prioritization of critical, major, minor risk assessment elements
* Risk assessment and risk impact summary
* Recommendations and next steps

Week 2 Laboratory: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

Answer the following Assessment Worksheet questions pertaining to the qualitative IT risk assessment you performed.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" for an identified risk, threat, or vulnerability?
4. When you assembled all of the "1" and "2" and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the "1", "2", and "3" risk elements? What would you say to executive management in regards to your final recommended prioritization?