0% found this document useful (0 votes)

15 views4 pages

Lab4 IAA202

Uploaded by

Lâm Bạch

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

15 views4 pages

Lab4 IAA202

Uploaded by

Lâm Bạch

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

Lab #4

Student Name: Bạch Quang Lâm_HE172445

Class: IA1803

Risk – Threat – Vulnerability Primary Domain Impacted Risk Impact/Factor

Unauthorized access from pubic Internet Remote Access Domain 1

User destroys data in application and deletes System/Application Domain 3

all files

Hacker penetrates your IT infrastructure LAN-to-WAN Domain 1

and gains access to your internal network

Intra-office employee romance gone bad User Domain 3

Fire destroys primary data center System/Application Domain 1

Service provider SLA is not achieved WAN Domain 3

Workstation OS has a known software Workstation Domain 2

vulnerability

Unauthorized access to organization owned Workstation Domain 1

workstations
Lab Assessment Questions:
Loss of production data System/Application Domain 2

Denial of service attack on organization LAN-to-WAN Domain 1

DMZ and e-mail server

Remote communications from home office Remote Access Domain 2

LAN server OS has a known software LAN Domain 2

vulnerability

User downloads and clicks on an unknown User Domain 1

unknown e-mail attachment

Workstation browser has software vulnerability Workstation Domain 3

Mobile employee needs secure browser access Remote Access Domain 2

to sales order entry system

Service provider has a major network outage WAN Domain 2

Weak ingress/egress traffic filtering LAN-to-WAN Domain 3

degrades performance

User inserts CDs and USB hard drives User Domain 2

with personal photos, music, and videos on0
1. For each of the identified risks, threats, and vulnerabilities, prioritize them
by listing a “1”, “2”, and “3” next to each risk, threat, vulnerability found
within each of the seven domains of a typical IT infrastructure. “1” =
Critical, “2” = Major, “3” = Minor. Define the following qualitative risk
impact/risk factor metrics:

“1” Critical – a risk, threat, or vulnerability that impacts compliance (i.e.,

privacy law requirement for securing privacy data and implementing proper
security controls, etc.) and places the organization in a position of increased
liability.
“2”Major – a risk, threat, or vulnerability that impacts the C-I-A of an
organization’s intellectual property assets and IT infrastructure.
“3”Minor – a risk, threat, or vulnerability that can impact user or employee
productivity or availability of the IT infrastructure.

User Domain Risk Impacts: 5

Workstation Domain Risk Impacts: 3

LAN Domain Risk Impacts: 2

LAN-to-WAN Domain Risk Impacts: 2

WAN Domain Risk Impacts: 4

Remote Access Domain Risk Impacts: 2

Systems/Applications Domain Risk Impacts: 3

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?

Identify and mitigate risks.

2. Why is it difficult to conduct a qualitative risk assessment for an IT

infrastructure?
Because it is hard to tell what kind of impact a given attack will have on
the infrastructure.

3. What was your rationale in assigning “1” risk impact/ risk factor value of
“Critical” for an identified risk, threat, or vulnerability?
Assigned critical impact values for threats that severely compromise
patient data or that made the system useless such as DoS attacks.

4. When you assembled all of the “1” and “2” and “3” risk impact/risk factor
values to the identified risks, threats, and vulnerabilities, how did you prioritize
the “1”, “2”, and “3” risk elements? What would you say to executive
management in regards to your final recommended prioritization?
Management should acquire a SLA so that our systems will always be
functioning optimally. I would also recommend that the appropriate
countermeasures for threats are in place.

5. Identify a risk mitigation solution for each of the following risk factors:

User downloads and clicks on an unknown e-mail attachment –

Attachments are a significant security risk associated with emails.
Workstation OS has a known software vulnerability – Define a
workstation operating system vulnerability window policy definition.
Start periodic workstation domain vulnerability tests to find all
vulnerabilities.

Laboratory 4
No ratings yet
Laboratory 4
13 pages
Qualitative Risk Assessment for IT Infrastructure
No ratings yet
Qualitative Risk Assessment for IT Infrastructure
4 pages
Đ Thees Dương Ia1902 Iaa202 Lab4
No ratings yet
Đ Thees Dương Ia1902 Iaa202 Lab4
9 pages
Lab4 IAA202
No ratings yet
Lab4 IAA202
5 pages
Lab4 - IAA202 - HE181705 - Nguyễn Xuân Phương
No ratings yet
Lab4 - IAA202 - HE181705 - Nguyễn Xuân Phương
12 pages
IAA202 - LAB4 - SE140442: A. Healthcare Provider Under HIPPA Compliance Law
No ratings yet
IAA202 - LAB4 - SE140442: A. Healthcare Provider Under HIPPA Compliance Law
6 pages
IA1802-IAA202-Lab4-Nguyễn Trọng Dũng-HE172688
No ratings yet
IA1802-IAA202-Lab4-Nguyễn Trọng Dũng-HE172688
6 pages
Laboratory4 IAA202 Cao Duc Anh HE180550
No ratings yet
Laboratory4 IAA202 Cao Duc Anh HE180550
10 pages
IAA4 Risk Assessment for Remote Access
100% (1)
IAA4 Risk Assessment for Remote Access
4 pages
Iaa202 Lab4 3 6 2022 Reference
No ratings yet
Iaa202 Lab4 3 6 2022 Reference
7 pages
IT Infrastructure Risk Assessment Guide
No ratings yet
IT Infrastructure Risk Assessment Guide
4 pages
IAA202: IT Risk Assessment Lab 4
No ratings yet
IAA202: IT Risk Assessment Lab 4
8 pages
Iaa202-Lab4-Nguyen Gia Bao - He171734 - 1801
No ratings yet
Iaa202-Lab4-Nguyen Gia Bao - He171734 - 1801
6 pages
Lab4 NguyễnTrọngĐứcHải HE180930
No ratings yet
Lab4 NguyễnTrọngĐứcHải HE180930
9 pages
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
No ratings yet
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
11 pages
TuyenDNHE181644 Lab4
No ratings yet
TuyenDNHE181644 Lab4
13 pages
IAA202 SE172320 Lab4
No ratings yet
IAA202 SE172320 Lab4
8 pages
HIPAA Risk Assessment for IT Systems
100% (1)
HIPAA Risk Assessment for IT Systems
8 pages
Lab #4: Perform A Qualitative Risk Assessment For An It Infrastructure
No ratings yet
Lab #4: Perform A Qualitative Risk Assessment For An It Infrastructure
6 pages
Lab 2 Assessment Worksheet Align Risk TH
No ratings yet
Lab 2 Assessment Worksheet Align Risk TH
18 pages
IT Risk Assessment Guide
No ratings yet
IT Risk Assessment Guide
4 pages
IAA202 Lab4 SE140810
No ratings yet
IAA202 Lab4 SE140810
4 pages
IT Risk Assessment Guide
No ratings yet
IT Risk Assessment Guide
6 pages
Lab01 - IAA202 - HE181705 - Nguyen Xuan Phuong
No ratings yet
Lab01 - IAA202 - HE181705 - Nguyen Xuan Phuong
15 pages
Lab 4 Qualitative Assessment
No ratings yet
Lab 4 Qualitative Assessment
10 pages
IT Risk Mitigation Plan Overview
No ratings yet
IT Risk Mitigation Plan Overview
4 pages
Laboratory 4
No ratings yet
Laboratory 4
11 pages
Lab #1: Assessment Worksheet
No ratings yet
Lab #1: Assessment Worksheet
5 pages
Lab 1 - IAA202
No ratings yet
Lab 1 - IAA202
4 pages
Lab 1: IAA
No ratings yet
Lab 1: IAA
3 pages
Lab6 He180930 NguyenTrongDucHai
No ratings yet
Lab6 He180930 NguyenTrongDucHai
7 pages
IT Risk Management Lab Guide
No ratings yet
IT Risk Management Lab Guide
8 pages
Managing Risk in Information Systems: Student Lab Manual
No ratings yet
Managing Risk in Information Systems: Student Lab Manual
9 pages
Lab #6: Assessment Worksheet Develop A Risk Mitigation Plan Outline For An IT Infrastructure
No ratings yet
Lab #6: Assessment Worksheet Develop A Risk Mitigation Plan Outline For An IT Infrastructure
3 pages
Laboratory6 - Tuyendnhe181644
No ratings yet
Laboratory6 - Tuyendnhe181644
5 pages
IT Infrastructure Risk Assessment Guide
No ratings yet
IT Infrastructure Risk Assessment Guide
11 pages
Qualitative Risk Assessment Lab Guide
No ratings yet
Qualitative Risk Assessment Lab Guide
11 pages
NguyenCongTien HE180928 IAA202 LAB1
No ratings yet
NguyenCongTien HE180928 IAA202 LAB1
7 pages
Lab06 IAA202
No ratings yet
Lab06 IAA202
4 pages
IS3110 Lab 1 How To Identify Threats & Vulnerabilities in An IT Infrastructure
100% (7)
IS3110 Lab 1 How To Identify Threats & Vulnerabilities in An IT Infrastructure
3 pages
Lê Công Cảnh SE183750 Lab6
No ratings yet
Lê Công Cảnh SE183750 Lab6
8 pages
Lê Công Cảnh SE183750 Lab1
No ratings yet
Lê Công Cảnh SE183750 Lab1
6 pages
Lab #4 - Assessment Worksheet
No ratings yet
Lab #4 - Assessment Worksheet
2 pages
IT Risk Assessment Guide
No ratings yet
IT Risk Assessment Guide
9 pages
Iaa202 - Lab6 - Ia1803 - Le Tien Long - He171603
No ratings yet
Iaa202 - Lab6 - Ia1803 - Le Tien Long - He171603
7 pages
Lab1 IAA202
No ratings yet
Lab1 IAA202
4 pages
IAA202 IA1804 Lab6 NguyenDinhLongVu HE173399
No ratings yet
IAA202 IA1804 Lab6 NguyenDinhLongVu HE173399
6 pages
Lab06 - IAA202 - HE181705 - Nguyễn Xuân Phương
No ratings yet
Lab06 - IAA202 - HE181705 - Nguyễn Xuân Phương
6 pages
IA1803 Lab 1
No ratings yet
IA1803 Lab 1
5 pages
Iaa202 Lab6
No ratings yet
Iaa202 Lab6
17 pages
Iaa202 Lab6 Se140442
No ratings yet
Iaa202 Lab6 Se140442
17 pages
Iaa202 Ia1806 Phuong NT Lab1
No ratings yet
Iaa202 Ia1806 Phuong NT Lab1
7 pages
Lab1 DungTVHE186529 IA1804
No ratings yet
Lab1 DungTVHE186529 IA1804
8 pages
Group IAA202 Lab6
No ratings yet
Group IAA202 Lab6
9 pages
IT Risk Mitigation Plan Outline
100% (1)
IT Risk Mitigation Plan Outline
4 pages
IAA202 IA1806 LocPDT Lab1
No ratings yet
IAA202 IA1806 LocPDT Lab1
6 pages
BuiCongThanh SE184348 IAA202 Lab 2
No ratings yet
BuiCongThanh SE184348 IAA202 Lab 2
6 pages
COBIT P09 Risk Management Lab
No ratings yet
COBIT P09 Risk Management Lab
6 pages
Lab 2 NguyễnTrọngĐứcHải HE180930
No ratings yet
Lab 2 NguyễnTrọngĐứcHải HE180930
5 pages
IT Exam Timetable Semester 2 2022
No ratings yet
IT Exam Timetable Semester 2 2022
2 pages
Goyal CV
No ratings yet
Goyal CV
2 pages
Spectral Graph Theory and Laplacians
No ratings yet
Spectral Graph Theory and Laplacians
7 pages
Link Bank Account Application Form
100% (1)
Link Bank Account Application Form
4 pages
Hashing Algorithms
No ratings yet
Hashing Algorithms
22 pages
REC 2023 24 Stu HB
No ratings yet
REC 2023 24 Stu HB
58 pages
Linux Commands Cheat Sheet Guide
No ratings yet
Linux Commands Cheat Sheet Guide
21 pages
5 Computer Devices and Their Functions
No ratings yet
5 Computer Devices and Their Functions
6 pages
StandardLibrary ExplicacionBloques
No ratings yet
StandardLibrary ExplicacionBloques
510 pages
Blue Oyster Cult - Last Days Tab
No ratings yet
Blue Oyster Cult - Last Days Tab
9 pages
تقريرات بدء الأمالي للشيخ ميمون زبير الساراني
No ratings yet
تقريرات بدء الأمالي للشيخ ميمون زبير الساراني
41 pages
Infinix Brandbook V2024
No ratings yet
Infinix Brandbook V2024
40 pages
MIS609 Data Management and Analytics: Case Study Report
No ratings yet
MIS609 Data Management and Analytics: Case Study Report
10 pages
Pa 1400 Series
No ratings yet
Pa 1400 Series
7 pages
HP Z600/Z620 Workstation Imaging Guide
No ratings yet
HP Z600/Z620 Workstation Imaging Guide
12 pages
RDBMerge: Excel Data Merging Tool
No ratings yet
RDBMerge: Excel Data Merging Tool
4 pages
BMI Group Calculator English
No ratings yet
BMI Group Calculator English
5 pages
Network Subnetting Guide
No ratings yet
Network Subnetting Guide
4 pages
Square and Square Root (6th Grade)
100% (2)
Square and Square Root (6th Grade)
18 pages
Kanini Legacy Dot-Net App Modernization Ebook
No ratings yet
Kanini Legacy Dot-Net App Modernization Ebook
32 pages
Ece Syllabus R-21
No ratings yet
Ece Syllabus R-21
272 pages
Milky Way FAQs
No ratings yet
Milky Way FAQs
7 pages
PowerEdge R750X - C1
No ratings yet
PowerEdge R750X - C1
16 pages
Venkat - Network Engineer Resume
No ratings yet
Venkat - Network Engineer Resume
4 pages
TMF671 Promotion Management API v4.1.0 Specification
No ratings yet
TMF671 Promotion Management API v4.1.0 Specification
34 pages
Ren'Py Android Save Sync Failure
No ratings yet
Ren'Py Android Save Sync Failure
2 pages
Thermodynamics and Statistical Mechanics An Integrated Approach PDF Download
100% (3)
Thermodynamics and Statistical Mechanics An Integrated Approach PDF Download
14 pages
CNS Mod 2
No ratings yet
CNS Mod 2
72 pages
Bca-601: Multimedia Concepts & Application
0% (1)
Bca-601: Multimedia Concepts & Application
4 pages
Class IX Java Exam Paper
No ratings yet
Class IX Java Exam Paper
5 pages