Lab #4: Assessment Worksheet
Perform a Qualitative Risk Assessment for an IT Infrastructure
Lab Assessment Questions
1. What is the goal or objective of an IT risk assessment?
To identify and evaluate risks based on an analysis of threats and vulnerabilities to assets. Risks are quantified based on their importance or impact severity. These risks are then prioritized.
2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
It is difficult to conduct a qualitative risk assessment because it is a subjective method. It uses relative values based on opinions from experts.
3. What was your rationale in assigning “1” risk impact/risk factor value of Critical for an identified risk, threat, or vulnerability?
I evaluated those that have large impact on compliance and places the organization in a position of increased liability are given “1” or a critical value.
4. When you assembled all of the “1” and “2” and “3” risk impact/risk factors values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regards to your final recommended prioritization?
“1” Critical: a risk, threat, or vulnerability that impacts compliance and places the organization in a position of increase liability.
“2” Major: a risk, threat, or vulnerability that impacts the C-I-A of an prganization intellectual property assets and IT infrastructure.
“3” Minor: a risk, threat, or vulnerability that can impact user productivity or availability of the IT infrastructure.
5. Identify a risk mitigation solution for each of the following risk factors:
User downloads and clicks on an unknown e-mail attachment – Restrict user access and set up the system so the user has to get authorization for downloads
Workstation OS has a known software vulnerability – Patch or update software
Need to prevent eavesdropping on WLAN die to customer privacy data access –...