is3110 lab 1
RISK-THREAT-VULNERABILITY PRIMARY DOMAIN IMPACTED
Unauthorized access from public Internet
User destroys data in application and deletes all files
Hacker penetrates your IT infrastructure and gains access to your internal network
Intra-office employee romance gone bad
Fire destroys primary data center
Communication circuit outages
Workstation OS has a known software vulnerability
Unauthorized access to organization owned
Workstations
Loss of product data
Denial of service attack on organization e-mail server
Remote communications from home office
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Workstation browser has software vulnerability
Service provider has a major network outage
Weak ingress/egress traffic filtering degrades performance
User inserts CD’s and USB hard drives with personal photos, music, and videos on organization owned computers
VPN tunneling between remote computer and ingress/egress router
WLAN access points are needed for LAN connectivity within a warehouse
Need to prevent rogue users from unauthorized WLAN access
1. Healthcare organizations are under strict compliance to HIPPA privacy requirements which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPPA privacy requirements? List one and justify and justify your answer in one or two sentences.
a. Hacker penetrates your IT infrastructure and gains access to your internal network. If a hacker gains access to your network, they will potentially have access to patient files or other sensitive information that is under the HIPPA guidelines.
2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT
Unauthorized access from public Internet
User destroys data in application and deletes all files
Hacker penetrates your IT infrastructure and gains access to your internal network
Intra-office employee romance gone bad
Fire destroys primary data center
Communication circuit outages
Workstation OS has a known software vulnerability
Unauthorized access to organization owned
Workstations
Loss of product data
Denial of service attack on organization e-mail server
Remote communications from home office
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Workstation browser has software vulnerability
Service provider has a major network outage
Weak ingress/egress traffic filtering degrades performance
User inserts CD’s and USB hard drives with personal photos, music, and videos on organization owned computers
VPN tunneling between remote computer and ingress/egress router
WLAN access points are needed for LAN connectivity within a warehouse
Need to prevent rogue users from unauthorized WLAN access
1. Healthcare organizations are under strict compliance to HIPPA privacy requirements which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPPA privacy requirements? List one and justify and justify your answer in one or two sentences.
a. Hacker penetrates your IT infrastructure and gains access to your internal network. If a hacker gains access to your network, they will potentially have access to patient files or other sensitive information that is under the HIPPA guidelines.
2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT