Risk Assessment Lab 1
7
Lab #1 - Assessment Worksheet
Identifying Threats and Vulnerabilities in an IT Infrastructure
CSS 250 Security Risk Management
Course Name and Number: _____________________________________________________
Kristopher Brown
Student Name: ________________________________________________________________
Cheryl Frederick
Instructor Name: ______________________________________________________________
10/13/2014
Lab Due Date: ________________________________________________________________
Overview
In this lab, you identified known risks, threats, and vulnerabilities, and you organized them.
Finally, you mapped these risks to the domain that was impacted from a risk management perspective. Lab Assessment Questions & Answers
1. Health care organizations must strictly comply with the Health Insurance Portability and
Accountability Act (HIPAA) Privacy and Security rules that require organizations to have proper security controls for handling personal information referred to as “protected health information,” or PHI. This includes security controls for the IT infrastructure handling PHI. Which of the listed risks, threats, or vulnerabilities can violate HIPAA privacy and security requirements? List one and justify your answer in one or two sentences.
Unauthorized access to organization-owned workstations. If someone has access to a workstation who is not authorized, this person can see medical record, SSN, and names of people that are protected.
2. How many threats and vulnerabilities did you find that impacted risk in each of the seven domains of a typical IT infrastructure? there may have been 1, the fire and the ISP outage.
3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN and USER
4. What is the risk impact or risk factor (critical, major, and minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the health care and
Lab #1 - Assessment Worksheet
Identifying Threats and Vulnerabilities in an IT Infrastructure
CSS 250 Security Risk Management
Course Name and Number: _____________________________________________________
Kristopher Brown
Student Name: ________________________________________________________________
Cheryl Frederick
Instructor Name: ______________________________________________________________
10/13/2014
Lab Due Date: ________________________________________________________________
Overview
In this lab, you identified known risks, threats, and vulnerabilities, and you organized them.
Finally, you mapped these risks to the domain that was impacted from a risk management perspective. Lab Assessment Questions & Answers
1. Health care organizations must strictly comply with the Health Insurance Portability and
Accountability Act (HIPAA) Privacy and Security rules that require organizations to have proper security controls for handling personal information referred to as “protected health information,” or PHI. This includes security controls for the IT infrastructure handling PHI. Which of the listed risks, threats, or vulnerabilities can violate HIPAA privacy and security requirements? List one and justify your answer in one or two sentences.
Unauthorized access to organization-owned workstations. If someone has access to a workstation who is not authorized, this person can see medical record, SSN, and names of people that are protected.
2. How many threats and vulnerabilities did you find that impacted risk in each of the seven domains of a typical IT infrastructure? there may have been 1, the fire and the ISP outage.
3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN and USER
4. What is the risk impact or risk factor (critical, major, and minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the health care and