Risk Management Lab 1

By fbrown0626 Jun 23, 2014 562 Words
1. Healthcare is under strict HIPAA privacy requirements, which require that an organization have proper security controls for handling personal healthcare information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI privacy data. Which one of the listed risks, threats, or vulnerabilities can violate HIPAA privacy requirements? List one and justify your answer in one or two sentences.

Hacker penetrates your IT infrastructure and gains access to your internal network – If a hacker is able to penetrate your internal network, he has the potential to gain access to patient files or other private data that is covered under HIPAA guidelines.

2. How many threats and vulnerabilities did you find that impacted risk within each of the seven domains of a typical IT infrastructure?

a. User Domain: 2

b. Workstation Domain: 5

c. LAN Domain: 7

d. LAN-to-WAN Domain: 2

e. WAN Domain: 2

f. Remote Access Domain: 2

g. System/Application Domain: 1

3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?

LAN Domain

4. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the healthcare and HIPAA compliance scenario?

I would consider them both minor for the most part. Unless performance becomes a work stoppage, both would be considered minor in relation to HIPAA.

5. Of the three Systems/Application Domain risks, threats, and vulnerabilities identified, which one requires a disaster recovery plan and a business continuity plan to maintain continued operations during a catastrophic outage?

Loss of production data

6. Which domain represents the greatest risk and uncertainty to an organization?

User Domain

7. Which domain requires stringent access controls and encryption for connectivity to corporate resources from home?

Remote Access Domain

8. Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risk from employee sabotage?

User Domain

9. Which domains need software vulnerability assessments to mitigate risk from software vulnerabilities?

Workstation Domain

10. Which domain requires AUPs to minimize unnecessary user-initiated Internet traffic and can be monitored and controlled by web content filters?

User Domain

11. In which domain do you implement web content filters?

LAN-to-WAN Domain

12. If you implement a wireless LAN (WLAN) to support connectivity for laptops in the Workstation Domain, which domain does WLAN fall within?

LAN Domain

13. A bank under the Gramm-Leach-Bliley Act (GLBA) for protecting customer privacy has just implemented their online banking solution, allowing customers to access their accounts and perform transactions via their computer or PDA device. Online banking servers and their public Internet hosting would fall within which domains of security responsibility?

a. LAN-to-WAN Domain

14. Customers that conduct online banking using their laptop or personal computer must use HTTPS, the secure and encrypted version of HTTP browser communications. HTTPS encrypts webpage data inputs and data through the public Internet and decrypts that webpage and data once displayed on your browser. True or False.

a. TRUE

15. Explain how a layered security strategy throughout the 7-domains of a typical IT infrastructure can help mitigate risk exposure for loss of privacy data or confidential data from the Systems/Application Domain.

Well, as you travel through the layers, each layer should add a few more security features to help protect your IT assets. When you come to your Systems/Application Domain, the applications should work with your network based on how you set up the other layers.
