User destroys data in application and deletesLANHigh all files Hacker penetrates your IT infrastructure and gains access to your internal network System / ApplicationsHigh Intra-office employee romance gone badUser DomainLow Fire destroys primary data centerLan DomainHigh Service provider SLA is not achieved System / ApplicationsLow Workstation OS has a known softwareLAN – WANMedium vulnerability Unauthorized access to organization owned User DomainHigh workstations Risk – Threat – VulnerabilityPrimary Domain ImpactedRisk Impact/Factor Loss of production dataLANHigh
Denial of service attack on organization DMZ and e-mail serverLAN –WANHigh Remote communications from home office LAN server OS has a known software vulnerability User downloads and clicks on an unknown unknown e-mail attachment Workstation browser has software vulnerability Mobile employee needs secure browser access to sales order entry system Service provider has a major network outage Weak ingress/egress traffic filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers VPN tunneling between remote computer nd ingress/egress router is needed WLAN access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access DoS/DDoS attack from the WAN/Internet 2.
Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a “1”, “2”, and “3” next to each risk, threat, vulnerability in the “Risk Impact/Factor” column. “1” = Critical, “2” = Major, “3” = Minor. Use the following qualitative risk impact/risk factor metrics: “1” Critical – a risk, threat, or vulnerability that impacts compliance (i. . , privacy law requirement for securing privacy data and implementing proper security controls, etc. ) and places the organization in a position of increased liability “2”Major – a risk, threat, or vulnerability that impacts the C-I-A of an organization’s intellectual property assets and IT infrastructure “3”Minor – a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure 3. Craft an executive summary for management using the following 4-paragraph format.
The Essay on Perform A Vulnerability Assessment
Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using ZenMap GUI (Nmap) to perform an IP host, port, and services scan * Perform a vulnerability assessment scan on a targeted IP subnetwork using Nessus® * Compare the results of the ZenMap GUI “Intense Scan” with a Nessus® vulnerability ...
The executive summary must address the following topics: * Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure * Prioritization of critical, major, minor risk assessment elements * Risk assessment and risk impact summary * Recommendations and next steps Week 2 Lab: Assessment Worksheet Perform a Qualitative Risk Assessment for an IT Infrastructure Overview Answer the following Assessment Worksheet questions pertaining to your qualitative IT risk assessment you performed. Lab Assessment Questions & Answers . What is the goal or objective of an IT risk assessment? 2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning “1” risk impact/ risk factor value of “Critical” for an identified risk, threat, or vulnerability? 4. When you assembled all of the “1” and “2” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regards to your final recommended prioritization?
The Essay on Risk Assessment Worksheet 2
The following paper discusses the risk assessment process while explaining the framework, how each phase interrelates, and why the framework is so important in assisting with the risk assessment process. The paper will also discuss some of the innovations that have occurred over the last several years. Ecological Risk Assessment Framework An ecological risk assessment is a process that analyzes ...