Preview

Risk Threat Vulnerability

Good Essays
Open Document
Open Document
719 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Risk Threat Vulnerability
-------------------------------------------------
Week 2 Laboratory

Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes
Upon completing this lab, students will be able to: * Define the purpose and objectives of an IT risk assessment * Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure * Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template * Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale * Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab #4: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure

Overview

The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a Healthcare provider under HIPPA compliance law and what compliance to HIPPA involves.

1. Given the list below, perform a qualitative risk assessment:
Determine which typical IT domain is impacted by each risk/threat/vulnerability in the “Primary Domain Impacted” column.

Risk – Threat – Vulnerability Primary Domain Impacted Risk Impact/Factor

Unauthorized access from pubic Internet LAN – WAN High

User destroys data in application and deletes LAN High all files

Hacker penetrates your IT infrastructure and gains access to your internal network System / Applications High

Intra-office employee romance gone bad User Domain Low

Fire destroys primary data center Lan Domain High

Service provider SLA is not achieved System / Applications Low

Workstation OS has a known software LAN – WAN Medium vulnerability Unauthorized access to
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Powerful Essays

    IS3110 U5L1
    • 912 Words
    • 4 Pages

    IS3110 U5L1

    One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…

    • 912 Words
    • 4 Pages
    Powerful Essays
    Read More
  • Satisfactory Essays

    Executive Summary On Risk Analysis: Premier Collegiate School
    • 377 Words
    • 2 Pages

    Executive Summary On Risk Analysis: Premier Collegiate School

    In the given scenario of being the system support tech at the Premier Collegiate School, performing a risk analysis of the school infrastructure is highly important when wanting to secure the network. The school has two servers, one for administration and the other for students which seems kind of odd. And has a wireless access for the students with their own laptops. There is also one computer lab that is dedicated for the students to perform their computer science studies.…

    • 377 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    NT2580 Project part 1
    • 606 Words
    • 3 Pages

    NT2580 Project part 1

    Safety of data and information is a real important aspect of a company. Before we can create an outline for general security solutions we must first define what is needed. I recommend that we use a multi-layered security plan. There are a total of seven domains of an IT infrastructure including user domain, workstation domain, LAN domain, LAN-to-WAN domain, WAN domain, remote access domain, and system/application domain.…

    • 606 Words
    • 3 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Unit 6 Lab
    • 727 Words
    • 2 Pages

    Unit 6 Lab

    After you inventory your assets, you would need to identify the scope of your risk management. You would want to identify things such as your critical business operations, how you connect with your customers, mission-critical data, systems, and applications, and security gaps and identify these throughout all 7 domains of your infrastructure.…

    • 727 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    Project Pt 1
    • 338 Words
    • 2 Pages

    Project Pt 1

    The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain.…

    • 338 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Unit 7 Technical Assessment Questions
    • 960 Words
    • 4 Pages

    Unit 7 Technical Assessment Questions

    4. What tasks and deliverables are needed to implement your risk mitigation recommendations? Pick one of the seven domains of a typical IT infrastructure and answer uniquely.…

    • 960 Words
    • 4 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Week 4 Lab Delphi Method Chris Wiginton
    • 311 Words
    • 1 Page

    Week 4 Lab Delphi Method Chris Wiginton

    Using the Delphi method a group of selected Subject Matter Experts (SMEs) can define the scope of the risk analysis. The SMEs will identify potential threats and vulnerabilities, determine the likelihood and impact of the threats and analyze and recommend security measures and determine risk levels. High emphasis will be placed in determining potential risks and vulnerabilities to the confidentiality, availability and integrity of all Electronic Personal Health Information (EPHI) that this office creates, receives, maintains, or transmits.…

    • 311 Words
    • 1 Page
    Satisfactory Essays
    Read More
  • Powerful Essays

    HHS 350: Categorizing Vulnerabilities In An Organization
    • 2036 Words
    • 9 Pages

    HHS 350: Categorizing Vulnerabilities In An Organization

    There are quite a few vulnerabilities that can affect organizations productivity. These vulnerabilities can be environmental, utilities & service, criminal behavior, equipment failure, and information security issues. To protect the organization against loss of productivity and data loss we have created an assessment of the potential danger each category of threat presents. We created a worksheet (located on the last page of this document) listing each type of vulnerability and ranked the probability and severity of each of the threats. Using a probability and severity legend that had one…

    • 2036 Words
    • 9 Pages
    Powerful Essays
    Read More
  • Satisfactory Essays

    NT2580
    • 526 Words
    • 5 Pages

    NT2580

    Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts  Attacks, threats, and vulnerabilities in a typical IT infrastructure …

    • 526 Words
    • 5 Pages
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    Unit 7 Lab
    • 293 Words
    • 2 Pages

    Unit 7 Lab

    3. How does risk management and risk assessment relate to a business impact analysis for an IT infrastructure?…

    • 293 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Good Essays

    Hippa Regulations
    • 339 Words
    • 2 Pages

    Hippa Regulations

    2. Discuss the role of HIPAA regulations in data and network security, patient consent and authorization.…

    • 339 Words
    • 2 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    HIPAA Health: The Privacy Rule and Health Care Practice

    • 447 Words
    • 2 Pages

    HIPAA Health: The Privacy Rule and Health Care Practice

    On April 14, 2003 the Health Insurance portability and Accountability Act of 1996 (HIPAA) took effect, and these federal regulation have had an impact on the field of healthcare. It affords certain protections to persons covered by health care plans, including continuity of coverage when changing jobs, standards for electronic health care transactions, and primary safeguards for the privacy of individually identifiable patient information. Protecting healthcare information is the key essential in a healthcare organization. In an Internet video, Barclay (2010) states it is imperative that all healthcare providers be knowledgeable about the HIPAA standards and protect the rights of patients and residents. However, patients also have the responsibilities to give accurate information about their condition and to participate in treatment and care. With that being said the doctrine of informed consent allows patients full disclosure to make a knowledgeable decision about their care. Failure of patient confidentiality gives rise to legal liability. Identifying different forms of security breaches and creating measures to safeguards standards, procedure and policies against leaking personal health information (PHI) will maintain and promote growth of an organization.…

    • 447 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Powerful Essays

    Risk Scenario
    • 4258 Words
    • 18 Pages

    Risk Scenario

    The issue of risk scenario carries immense importance for most of the hospitals that are part of the healthcare setting. However, there is not only one scenario that can affect the hospitals but there are several scenarios that can create an impact on the functions of the hospital. There are three scenarios that would be highlighted in the current topic. These three scenarios have a tendency to put a hospital at risk for financial stability. The first scenario that can produce a negative impact on the hospital risk is related to patient care and safety. The second scenario is related to the physical plant. The third and last scenario is related to staffing. The role of HIM practitioner in this regard would be very important. They would serve as a clinical quality assessment resource and as a team member to perform their tasks related to healthcare work. Therefore, all the issues related to three scenarios will be discussed in detail.…

    • 4258 Words
    • 18 Pages
    Powerful Essays
    Read More
  • Good Essays

    IT Risk Management Framework
    • 987 Words
    • 4 Pages

    IT Risk Management Framework

    IT risk management framework is a necessary framework for every successful enterprise. So the City Medical Partners also need their own IT risk management framework. IT risk management framework can avoid the future risks and it also can gain the benefits. And the IT risk management framework need to fit with the risk management objectives of the enterprise - City Medical Partners. The example for risk classifications:…

    • 987 Words
    • 4 Pages
    Good Essays
    Read More
  • Powerful Essays

    CIS8018
    • 1742 Words
    • 7 Pages

    CIS8018

    Health organizations are considered to posses’ high amount of information pertaining to customer and diagnosis which is of vital importance from the security point of view. Looking at the high security requirement for the information contained in the system for health organizations it is important to maintain an information system which can provide data security so that unauthorized access to information contained in information system can be prevented. In present context Nickol Bay hospital has been selected for the paper to consider review of information security system. Nickol Bay is one of the famous health organizations in Australia which is evolving at a rapid pace and looking at the increasing information requirement for the organization it is important to have a robust information system which can cater to the requirement of various stakeholders.…

    • 1742 Words
    • 7 Pages
    Powerful Essays
    Read More

Related Topics