Abstract image of a woman sitting on books and studying on a laptop

44 Introduction Identifying and assessing risks is.docx

Download as DOCX, PDF
B
blondellchancy

This document provides instructions for developing an outline for an IT risk-mitigation plan. It involves identifying risks, threats and vulnerabilities across the seven domains of a typical IT infrastructure based on a previous qualitative risk assessment. The outline should prioritize risks and include short and long-term remediation steps. It should also define procedures and processes for ongoing risk mitigation. Creating the outline involves reviewing risks across the seven domains and developing a detailed outline with appropriate subtopics and sub-bullets for each domain.

Education
1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan.
You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical
IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1).
Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files
Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access
Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a
manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics:
organized into the seven domains ulnerabilities identified throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities T risk-mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation
plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a
security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]

More Related Content

DOCX
Managing Riskin InformationSystemsPowered by vLab Solu.docx
jessiehampson
 
DOCX
1 Introduction The task of identifying risks in an.docx
oswald1horne84988
 
DOCX
27 Introduction Risk management begins with first .docx
lorainedeserre
 
DOCX
27 Introduction Risk management begins with first .docx
vickeryr87
 
DOCX
1 Introduction The task of identifying risks in an.docx
jeremylockett77
 
DOCX
For this lab assignment, you are identifying IT domains for identi.docx
hanneloremccaffery
 
DOCX
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
davezstarr61655
 
DOCX
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
tamicawaysmith
 
Managing Riskin InformationSystemsPowered by vLab Solu.docx
jessiehampson
 
1 Introduction The task of identifying risks in an.docx
oswald1horne84988
 
27 Introduction Risk management begins with first .docx
lorainedeserre
 
27 Introduction Risk management begins with first .docx
vickeryr87
 
1 Introduction The task of identifying risks in an.docx
jeremylockett77
 
For this lab assignment, you are identifying IT domains for identi.docx
hanneloremccaffery
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
davezstarr61655
 
3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx
tamicawaysmith
 

Similar to 44 Introduction Identifying and assessing risks is.docx (20)

DOCX
1. On your local computer, create a new document. You will use.docx
stilliegeorgiana
 
DOCX
AM   What is a common size income statement, it is the presentat.docx
daniahendric
 
DOCX
51 Copyright © 2015 by Jones & Bartlett Learning, LLC, .docx
aryan532920
 
PPTX
Problem management foundation - IT risk
Ronald Bartels
 
DOCX
Week3Project Part 1-Task 2 – Risk Assessment.docx
helzerpatrina
 
PPTX
Managing IT Risk and Assessing Vulnerability
AIS Network
 
PPTX
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Innovators
 
DOCX
Essay about kindnessChoose any three consecutive days. During th.docx
SALU18
 
PDF
Risk Assessment: Approach to enhance Network Security
IJCSIS Research Publications
 
PDF
Information Security Risk Management
ipspat
 
DOCX
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
festockton
 
PDF
Microsoft InfoSec for cloud and mobile
Vijayananda Mohire
 
PDF
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
PPTX
DS Crisis Management Foundation Risk
DS
 
DOCX
Group Project RisksThreatsWeaknessesCountermeasures©.docx
whittemorelucilla
 
PPTX
Understanding the security_organization
Dan Morrill
 
PPT
Risk management ii
Dhani Ahmad
 
PPTX
Information Security Risk Management and Compliance.pptx
Abraraw Zerfu
 
PPT
Risk Assessment And Management
vikasraina
 
PPTX
2_IT Risk Starter Kit - How To Guide.pptx
SyedMuhammadHassan17
 
1. On your local computer, create a new document. You will use.docx
stilliegeorgiana
 
AM   What is a common size income statement, it is the presentat.docx
daniahendric
 
51 Copyright © 2015 by Jones & Bartlett Learning, LLC, .docx
aryan532920
 
Problem management foundation - IT risk
Ronald Bartels
 
Week3Project Part 1-Task 2 – Risk Assessment.docx
helzerpatrina
 
Managing IT Risk and Assessing Vulnerability
AIS Network
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Innovators
 
Essay about kindnessChoose any three consecutive days. During th.docx
SALU18
 
Risk Assessment: Approach to enhance Network Security
IJCSIS Research Publications
 
Information Security Risk Management
ipspat
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
festockton
 
Microsoft InfoSec for cloud and mobile
Vijayananda Mohire
 
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
DS Crisis Management Foundation Risk
DS
 
Group Project RisksThreatsWeaknessesCountermeasures©.docx
whittemorelucilla
 
Understanding the security_organization
Dan Morrill
 
Risk management ii
Dhani Ahmad
 
Information Security Risk Management and Compliance.pptx
Abraraw Zerfu
 
Risk Assessment And Management
vikasraina
 
2_IT Risk Starter Kit - How To Guide.pptx
SyedMuhammadHassan17
 
Ad

More from blondellchancy (20)

DOCX
1. Report contentThe report should demonstrate your understa.docx
blondellchancy
 
DOCX
1. Research the assessment process for ELL students in your state. W.docx
blondellchancy
 
DOCX
1. Reply:2.Reply:.docx
blondellchancy
 
DOCX
1. Review the three articles about Inflation that are of any choice..docx
blondellchancy
 
DOCX
1. Read the RiskReport to see what requirements are.2. Read the .docx
blondellchancy
 
DOCX
1. Quantitative According to the scoring criteria for the BAI, .docx
blondellchancy
 
DOCX
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
blondellchancy
 
DOCX
1. Review the results of your assessment using the explanation.docx
blondellchancy
 
DOCX
1. Search the internet and learn about the cases of nurses Julie.docx
blondellchancy
 
DOCX
1. Qualitative or quantitative paperresearch required(Use stati.docx
blondellchancy
 
DOCX
1. Prepare a one page paper on associative analysis. You may researc.docx
blondellchancy
 
DOCX
1. Prepare a comparative table in which you contrast the charact.docx
blondellchancy
 
DOCX
1. Portfolio part II a) APRN protocol also known as collab.docx
blondellchancy
 
DOCX
1. Post the link to one news article, preferably a piece of rece.docx
blondellchancy
 
DOCX
1. Please explain fixed and flexible budgeting. Provide an examp.docx
blondellchancy
 
DOCX
1. Open and print the Week 6 Assignment.2. The assignment .docx
blondellchancy
 
DOCX
1. Plato’s Republic takes as its point of departure the question of .docx
blondellchancy
 
DOCX
1. Objective Learn why and how to develop a plan that encompasses a.docx
blondellchancy
 
DOCX
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
blondellchancy
 
DOCX
1. must be a research article from either pubmed or google scholar..docx
blondellchancy
 
1. Report contentThe report should demonstrate your understa.docx
blondellchancy
 
1. Research the assessment process for ELL students in your state. W.docx
blondellchancy
 
1. Reply:2.Reply:.docx
blondellchancy
 
1. Review the three articles about Inflation that are of any choice..docx
blondellchancy
 
1. Read the RiskReport to see what requirements are.2. Read the .docx
blondellchancy
 
1. Quantitative According to the scoring criteria for the BAI, .docx
blondellchancy
 
1. Prof. Lennart Van der Zeil’s theorem says that any programmin.docx
blondellchancy
 
1. Review the results of your assessment using the explanation.docx
blondellchancy
 
1. Search the internet and learn about the cases of nurses Julie.docx
blondellchancy
 
1. Qualitative or quantitative paperresearch required(Use stati.docx
blondellchancy
 
1. Prepare a one page paper on associative analysis. You may researc.docx
blondellchancy
 
1. Prepare a comparative table in which you contrast the charact.docx
blondellchancy
 
1. Portfolio part II a) APRN protocol also known as collab.docx
blondellchancy
 
1. Post the link to one news article, preferably a piece of rece.docx
blondellchancy
 
1. Please explain fixed and flexible budgeting. Provide an examp.docx
blondellchancy
 
1. Open and print the Week 6 Assignment.2. The assignment .docx
blondellchancy
 
1. Plato’s Republic takes as its point of departure the question of .docx
blondellchancy
 
1. Objective Learn why and how to develop a plan that encompasses a.docx
blondellchancy
 
1. Open the attached Excel Assignment.xlsx” file and name it LastN.docx
blondellchancy
 
1. must be a research article from either pubmed or google scholar..docx
blondellchancy
 
Ad

Recently uploaded (20)

PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PDF
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
PDF
HVAC Specification 2024 according to central public works department
amitrobanipl
 
PDF
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
PDF
Environmental Education MCQ BD2EE - Share Source.pdf
Dr Raja Mohammed T
 
PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
PDF
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
PDF
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
DOCX
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
PDF
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
PDF
English Textual Question & Ans (12th Class).pdf
javaidpaswal33
 
PPTX
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
PDF
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PDF
Journal of Dental Science - UDMY (2022).pdf
Nay Aung
 
PDF
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
PPTX
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
IP : I ; Unit I : Preformulation Studies
RAGHUNATH SAKHARE
 
HVAC Specification 2024 according to central public works department
amitrobanipl
 
BP 505 T. PHARMACEUTICAL JURISPRUDENCE (UNIT 2).pdf
CMEmpire
 
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
Environmental Education MCQ BD2EE - Share Source.pdf
Dr Raja Mohammed T
 
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
Climate and Adaptation MCQs class 7 from chatgpt
AkashDTejwani
 
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
AI-driven educational solutions for real-life interventions in the Philippine...
EleniIlkou
 
English Textual Question & Ans (12th Class).pdf
javaidpaswal33
 
Climate Change and Its Global Impact.pptx
vaishalidobhal148
 
LIFE & LIVING TRILOGY- PART (1) WHO ARE WE.pdf
sureshkumarsoni26
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
Journal of Dental Science - UDMY (2022).pdf
Nay Aung
 
MBA _Common_ 2nd year Syllabus _2021-22_.pdf
DrAnubha4
 
DRUGS USED FOR HORMONAL DISORDER, SUPPLIMENTATION, CONTRACEPTION, & MEDICAL T...
SaravananKumar545925
 

44 Introduction Identifying and assessing risks is.docx

  • 1. 44 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan.
  • 2. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical
  • 3. IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 45 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Deliverables
  • 4. Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. 46 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Review the seven domains of a typical IT infrastructure (see Figure 1).
  • 5. Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure in that lab: 47 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files
  • 6. Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
  • 7. Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access
  • 8. Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet 48 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure 5. In your Lab Report file, organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a
  • 9. manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. In your Lab Report file, describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. In your Lab Report file, describe the elements of an IT risk- mitigation plan outline by covering the following major topics:
  • 10. organized into the seven domains ulnerabilities identified throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities T risk-mitigation steps for the seven domains of a typical IT infrastructure solutions 49 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 11. In your Lab Report file, create a detailed IT risk-mitigation
  • 11. plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. 50 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. – [20%] 2. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. – [20%] 3. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. – [20%] 4. Define procedures and processes needed to maintain a
  • 12. security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. – [20%] 5. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. – [20%]