Week 2 Laboratory
Perform a Qualitative Risk Assessment for an IT Infrastructure
Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
Define the purpose and objectives of an IT risk assessment
Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure
Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance
Lab #4: Assessment Worksheet
Perform a Qualitative Risk Assessment for an IT Infrastructure
Overview
The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a Healthcare provider under HIPPA compliance law and what compliance to HIPPA involves.
1. Given the list below, perform a qualitative risk assessment:
Determine which typical IT domain is impacted by each risk/threat/vulnerability in the “Primary Domain Impacted” column.
Risk – Threat – Vulnerability Primary Domain Impacted Risk Impact/Factor
Unauthorized access from pubic Internet LANTOWAN 1
User destroys data in application and deletes USER 3
all files
Hacker penetrates your IT infrastructure SYSTEM/APPLICATIONS 1
and gains access to your internal network
Intra-office employee romance gone bad USER 3
Fire destroys primary data center LAN 1
Service provider SLA is not achieved LANTOWAN 1...