How to Identify Threats and Vulnerabilities in an IT Infrastructure
1. An example of a HIPPA privacy violation would be a breach of information from the Healthcare organizations servers. This particular breach would impact the System/Application Domain. A hacker can penetrate a vulnerable system and retrieve patient information such as SSN, DOB, and even credit card payment information.
2. Threats and vulnerabilities:
a. User Domain – Unauthorized access to organization owned workstations
b. Workstation Domain - User downloads an unknown e-mail attachments
c. LAN Domain - WLAN access points are needed for LAN connectivity within a warehouse
d. LAN-to-WAN Domain - Unauthorized access from public Internet
e. WAN Domain - Service provider has a major network outage
f. Remote Access Domain - Remote Communication from home office
g. System/Application Domain - Fire destroys primary data center
3. The primary domain identified as having the greatest number of risks, threats, and vulnerabilities was the System/Application Domain.
4. The risk impact or threat to the healthcare HIPPA compliance impacted by the LAN-to-WAN Domain would be the breach of the healthcare browser and ultimately server containing patient private information.
5. Of the treats identified that would impact the System/Application Domain the one that would require disaster recovery plan or business continuity plan would be a fire destroys the primary data center. 6. The domain the represents the greatest risk and uncertainty to an organization would be the System/Application Domain. This is where the servers and monetary data are located.
7. The Remote Access Domain requires stringent access controls and encryption for connectivity to corporate resources from home.
8. The domain that requires annual security awareness training and employee background checks would be the User Domain.
9. The domains that require software vulnerability assessments to mitigate risk from software vulnerabilities would be the following:
a. Workstation Domain
b.
2. Threats and vulnerabilities:
a. User Domain – Unauthorized access to organization owned workstations
b. Workstation Domain - User downloads an unknown e-mail attachments
c. LAN Domain - WLAN access points are needed for LAN connectivity within a warehouse
d. LAN-to-WAN Domain - Unauthorized access from public Internet
e. WAN Domain - Service provider has a major network outage
f. Remote Access Domain - Remote Communication from home office
g. System/Application Domain - Fire destroys primary data center
3. The primary domain identified as having the greatest number of risks, threats, and vulnerabilities was the System/Application Domain.
4. The risk impact or threat to the healthcare HIPPA compliance impacted by the LAN-to-WAN Domain would be the breach of the healthcare browser and ultimately server containing patient private information.
5. Of the treats identified that would impact the System/Application Domain the one that would require disaster recovery plan or business continuity plan would be a fire destroys the primary data center. 6. The domain the represents the greatest risk and uncertainty to an organization would be the System/Application Domain. This is where the servers and monetary data are located.
7. The Remote Access Domain requires stringent access controls and encryption for connectivity to corporate resources from home.
8. The domain that requires annual security awareness training and employee background checks would be the User Domain.
9. The domains that require software vulnerability assessments to mitigate risk from software vulnerabilities would be the following:
a. Workstation Domain
b.