
| Risk - Threat - Vulnerability | Primary Domain Impacted | Risk Impact/Factor |
|---|---|---|
| Unauthorized access from public Internet | Remote Access Domain | 1 |
| User destroys data in application and deletes all files | Systems/Application Domain | 3 |
| Hacker penetrates your IT infrastructure and gains access to your internal network | LAN-to-WAN Domain | 1 |
| Intra-office employee romance gone bad | User Domain | 3 |
| Fire destroys primary data center | Systems/Application Domain | 1 |
| Service provider SLA is not achieved | WAN Domain | 3 |
| Workstation OS has a known software vulnerability | Workstation Domain | 2 |
| Unauthorized access to organization-owned workstations | Workstation Domain | 1 |
| Loss of production data | WAN Domain | 3 |
| Denial of service attack on organization DMZ and e-mail server | LAN-to-WAN Domain | 1 |
| Remote communications from home office | Remote Access Domain | 2 |
| LAN server OS has a known software vulnerability | LAN Domain | 2 |
| User downloads and clicks on an unknown | User Domain | 1 |
| Workstation browser has software vulnerability | Workstation Domain | 3 |
| Mobile employee needs secure browser access to sales order entry system | Remote Access Domain | 3 |
| Service provider has a major network outage | WAN Domain | 2 |
| Weak ingress/egress traffic filtering degrades performance | LAN-to-WAN Domain | 3 |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers | User Domain | 2 |
| VPN tunneling between remote computer and ingress/egress router is needed | LAN-to-WAN Domain | 2 |
| WLAN access points are needed for LAN connectivity within a warehouse | LAN Domain | 3 |
| Need to prevent eavesdropping on WLAN due to customer privacy data access | LAN Domain | 1 |
| DoS/DDoS attack from the WAN/Internet | WAN Domain | 1 |

- User Domain Risk Impacts: 3
- Workstation Domain Risk Impacts: 3
- LAN Domain Risk Impacts: 2
- LAN-to-WAN Domain Risk Impacts: 2
- WAN Domain Risk Impacts: 2
- Remote Access Domain Risk Impacts: 1
- Systems/Applications Domain Risk Impacts: 1

1. Was the student able to relate the scope for an IT risk mitigation plan to the seven domains of a typical IT infrastructure? – [20%] 20%

2. Was the student able to align the major parts of an IT risk mitigation plan within each of the seven domains of a typical IT infrastructure? – [20%] 15%

3. Was the student able to define the tactical risk mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure? – [20%] 15%

4. Was the student able to define procedures and processes needed to maintain a security baseline definition for on-going risk mitigation within the seven domains of a typical IT infrastructure? – [20%] 15%

5. Was the student able to create a table of contents for an IT risk mitigation plan encompassing the seven domains of a typical IT infrastructure? – [20%] 15%

1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?

It's important to prioritize your IT infrastructure risks because you have to be aware of what risks, threats, and vulnerabilities are present in your infrastructure. You need this so you know where to focus the most attention.

2. Based on your executive summary produced in Lab #4 Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management?

Set up security measures through various means including:

- Forcing users to update their password every X number of days.
- Firewall, antivirus, …
- Guiding users to avoid unknown email senders and unsafe links

1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?

It is important to prioritize because you must be aware of what risks, threats, and vulnerabilities there are to your infrastructure. You need this so that you know where the most attention needs to be focused.

2. Based on your executive summary produced in Lab #4 Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management?

Setting up security measures through various means includes the following:

- Forcing users to update their password every X number of days.
- Educating the users.
- Firewalls - Anti-malware

3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your
identified risks, threats, and vulnerabilities?

Since user activity is unpredictable and potentially risky, it is important to rank possible risks and devise
countermeasures.

4. What risk mitigation solutions do you recommend for handling the following risk element? A user inserts a CD or USB hard drive with personal photos, music and videos on organization-owned computers.

An anti-virus program. Devices are scanned as soon as they are plugged in.

5. What is a security baseline definition?

Security Baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact
information system.

6. What questions do you have for executive management in order to finalize your IT risk mitigation plan?

- Is your IT team familiar with risk management?
- Do you use any framework for management?

7. What is the most important risk mitigation requirement you uncovered and want to communicate to executive management? In your opinion, why is this the most important risk mitigation requirement?

Assessing risk relationships and common causes is important because you cannot reduce a risk without otherwise knowing what it is.

8. Based on your IT risk mitigation plan, what is the difference between short-term and long-term risk mitigation tasks and on-going duties?

Short-term risks are those that can be quickly remedied and have no long-term consequences for the company; long-term risks are those that are occurring and will increase gradually, affecting the company. On-going duties are daily tasks that must be completed in order for the company to operate safely.

9. Which of the seven domains of a typical IT infrastructure is easy to implement risk mitigation solutions but difficult to monitor and track effectiveness?

LAN-to-WAN

10. Which of the seven domains of a typical IT infrastructure usually contains privacy data within systems, servers, and databases?

Application

11. Which of the seven domains of a typical IT infrastructure can access privacy data and also store it
on local hard drives and disks?

Workstation

12. Why is the Remote Access Domain the most risk prone of all within a typical IT infrastructure?

Because it allows people to access the internal network remotely. Users can connect to network resources easily. If the remote access server is a dial-up server, users can connect by dialing. You can also use a virtual private network (VPN). A VPN allows users to connect to a private network via public networks such as the Internet. However, you must reduce the risk of an attacker gaining unauthorized access to the same resources. Users working from home computers or mobile devices such as laptops can greatly enhance their productivity and flexibility by using remote access solutions.

13. When considering the implementation of software updates, software patches, and software fixes, why must you
test this upgrade or software patch before you implement this as a risk mitigation tactic?

To ensure that no harmful elements, such as viruses, can spread to other systems

14. Are risk mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk
mitigation plan? Why or why not?

Yes, to ensure that the whole job completes the process and to avoid problems.

15. If an organization under a compliance law is not in compliance, how critical is it for your organization to
mitigate this non-compliance risk element?

It is critical for a company to know which laws apply to them. Once discovered, it is critical to ensure that the
company is in compliance. Failure to comply can have serious consequences. Some laws impose significant fines on
organizations. Other laws could result in detention. Some can have a negative impact on the organization's business
performance.
