Risk Threat Vulnerability

Only available on StudyMode
  • Download(s) : 1341
  • Published : March 28, 2013
Open Document
Text Preview
Week 2 Laboratory

Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
* Define the purpose and objectives of an IT risk assessment * Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure * Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template * Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale * Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab #4: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure


The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a Healthcare provider under HIPPA compliance law and what compliance to HIPPA involves.

1. Given the list below, perform a qualitative risk assessment: Determine which typical IT domain is impacted by each risk/threat/vulnerability in the “Primary Domain Impacted” column.

Risk – Threat – VulnerabilityPrimary Domain ImpactedRisk Impact/Factor

Unauthorized access from pubic InternetLAN – WANHigh

User destroys data in application and deletesLANHigh
all files

Hacker penetrates your IT infrastructure
and gains access to your internal network System / ApplicationsHigh

Intra-office employee romance gone badUser DomainLow

Fire destroys primary data centerLan DomainHigh

Service provider SLA is not achieved System / ApplicationsLow

Workstation OS has a known softwareLAN – WANMedium

Unauthorized access to organization...
tracking img