SlideShare a Scribd company logo

Managing Riskin InformationSystemsPowered by vLab Solu.docx

Download as DOCX, PDF
J
jessiehampson

This document discusses managing risks in information systems. It explains that identifying risks is challenging but treating them requires making changes and hard decisions. It's important to document the risk mitigation steps taken. The document also notes that appointing a single person to oversee risk treatment ensures corrective actions align with the risk mitigation plan. The purpose of a risk mitigation plan is to define ongoing procedures and processes to mitigate risks across seven domains of an IT infrastructure.

Education
1 of 14
Managing Risk in Information Systems Powered by vLab Solution s JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY VERSION 2.0 INSTRUCTOR VERSION Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.
49 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being
regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation
steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure.
Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 51 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Instructor Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 3. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure
in that lab: Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 52 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad
Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse
Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 53 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Instructor Lab Manual 5. Organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual.
vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve
performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. Describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. Describe the elements of an IT risk-mitigation plan outline by covering the following major topics:
organized into the seven domains fied throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities -mitigation steps for the seven domains of a typical IT infrastructure Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.
54 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure mates for work effort and security solutions 11. Create a detailed IT risk-mitigation plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. Pages from 9781284058680_ILMx_Risk20

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comamaranthbeg95
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 

Recommended

44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docx44 Introduction Identifying and assessing risks is.docx
44 Introduction Identifying and assessing risks is.docxblondellchancy
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
Cyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comCyb 610 Inspiring Innovation--tutorialrank.com
Cyb 610 Inspiring Innovation--tutorialrank.comPrescottLunt386
 
Cyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comCyb 610 Your world/newtonhelp.com
Cyb 610 Your world/newtonhelp.comamaranthbeg95
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESIJNSA Journal
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comamaranthbeg72
 
Csec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comCsec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comamaranthbeg92
 
Csec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comCsec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comamaranthbeg112
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for JavaTim Ellison
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docxelliotkimberlee
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
BMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareBMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareMike Rizzo
 
Milestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docxMilestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docxjessiehampson
 
Migration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docxMigration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docxjessiehampson
 

More Related Content

Similar to Managing Riskin InformationSystemsPowered by vLab Solu.docx

Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementAnton Chuvakin
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxjjvdneut
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESIJNSA Journal
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comamaranthbeg72
 
Csec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comCsec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comamaranthbeg92
 
Csec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comCsec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comamaranthbeg112
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comPrescottLunt384
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for JavaTim Ellison
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxdavezstarr61655
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaChris Bailey
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docxelliotkimberlee
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerizationMichel de Goede
 
BMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareBMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareMike Rizzo
 

Similar to Managing Riskin InformationSystemsPowered by vLab Solu.docx (20)

Five Mistakes of Vulnerability Management
Five Mistakes of Vulnerability ManagementFive Mistakes of Vulnerability Management
Five Mistakes of Vulnerability Management
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
Balbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptxBalbix-New-CISO-Board-Deck.pptx
Balbix-New-CISO-Board-Deck.pptx
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.com
 
Csec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.comCsec 610 Your world/newtonhelp.com
Csec 610 Your world/newtonhelp.com
 
Csec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.comCsec 610 Extraordinary Success/newtonhelp.com
Csec 610 Extraordinary Success/newtonhelp.com
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
Csec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.comCsec 610 Inspiring Innovation--tutorialrank.com
Csec 610 Inspiring Innovation--tutorialrank.com
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
 
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docxAssessment Worksheet Aligning Risks, Threats, and Vuln.docx
Assessment Worksheet Aligning Risks, Threats, and Vuln.docx
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
 
1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx1. What are some risks, threats, and vulnerabilities commonly foun.docx
1. What are some risks, threats, and vulnerabilities commonly foun.docx
 
The impact of consumerization
The impact of consumerizationThe impact of consumerization
The impact of consumerization
 
BMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/MalwareBMC - Response to the SolarWinds Breach/Malware
BMC - Response to the SolarWinds Breach/Malware
 

More from jessiehampson

Milestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docxMilestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docxjessiehampson
 
Migration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docxMigration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docxjessiehampson
 
Min-2 pagesThe goal is to develop a professional document, take .docx
Min-2 pagesThe goal is to develop a professional document, take .docxMin-2 pagesThe goal is to develop a professional document, take .docx
Min-2 pagesThe goal is to develop a professional document, take .docxjessiehampson
 
Mingzhi HuFirst Paper352020POLS 203Applicati.docx
Mingzhi HuFirst Paper352020POLS 203Applicati.docxMingzhi HuFirst Paper352020POLS 203Applicati.docx
Mingzhi HuFirst Paper352020POLS 203Applicati.docxjessiehampson
 
Miller, 1 Sarah Miller Professor Kristen Johnson C.docx
Miller, 1 Sarah Miller Professor Kristen Johnson C.docxMiller, 1 Sarah Miller Professor Kristen Johnson C.docx
Miller, 1 Sarah Miller Professor Kristen Johnson C.docxjessiehampson
 
Migrating to the Cloud Please respond to the following1. .docx
Migrating to the Cloud Please respond to the following1. .docxMigrating to the Cloud Please respond to the following1. .docx
Migrating to the Cloud Please respond to the following1. .docxjessiehampson
 
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docx
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docxMike, Ana, Tiffany, Josh and Annie are heading to the store to get.docx
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docxjessiehampson
 
Michelle Wrote; There are several different reasons why an inter.docx
Michelle Wrote; There are several different reasons why an inter.docxMichelle Wrote; There are several different reasons why an inter.docx
Michelle Wrote; There are several different reasons why an inter.docxjessiehampson
 
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docx
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docxMidterm Lad Report 7Midterm Lab ReportIntroductionCell.docx
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docxjessiehampson
 
MicroEssay Identify a behavioral tendency that you believe.docx
MicroEssay Identify a behavioral tendency that you believe.docxMicroEssay Identify a behavioral tendency that you believe.docx
MicroEssay Identify a behavioral tendency that you believe.docxjessiehampson
 
MILNETVisionMILNETs vision is to leverage the diverse mili.docx
MILNETVisionMILNETs vision is to leverage the diverse mili.docxMILNETVisionMILNETs vision is to leverage the diverse mili.docx
MILNETVisionMILNETs vision is to leverage the diverse mili.docxjessiehampson
 
midtermAnswer all question with proper number atleast 1 and half.docx
midtermAnswer all question with proper number atleast 1 and half.docxmidtermAnswer all question with proper number atleast 1 and half.docx
midtermAnswer all question with proper number atleast 1 and half.docxjessiehampson
 
Midterm QuestionIs the movement towards human security a true .docx
Midterm QuestionIs the movement towards human security a true .docxMidterm QuestionIs the movement towards human security a true .docx
Midterm QuestionIs the movement towards human security a true .docxjessiehampson
 
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docx
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docxMGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docx
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docxjessiehampson
 
Microsoft Word Editing Version 1.0Software Requirement Speci.docx
Microsoft Word Editing Version 1.0Software Requirement Speci.docxMicrosoft Word Editing Version 1.0Software Requirement Speci.docx
Microsoft Word Editing Version 1.0Software Requirement Speci.docxjessiehampson
 
Microsoft Windows implements access controls by allowing organiz.docx
Microsoft Windows implements access controls by allowing organiz.docxMicrosoft Windows implements access controls by allowing organiz.docx
Microsoft Windows implements access controls by allowing organiz.docxjessiehampson
 
MGT520 Critical Thinking Writing Rubric - Module 10 .docx
MGT520 Critical Thinking Writing Rubric - Module 10 .docxMGT520 Critical Thinking Writing Rubric - Module 10 .docx
MGT520 Critical Thinking Writing Rubric - Module 10 .docxjessiehampson
 
Midterm PaperThe Midterm Paper is worth 100 points. It will .docx
Midterm PaperThe Midterm Paper is worth 100 points. It will .docxMidterm PaperThe Midterm Paper is worth 100 points. It will .docx
Midterm PaperThe Midterm Paper is worth 100 points. It will .docxjessiehampson
 
Miami Florida is considered ground zero for climate change, in parti.docx
Miami Florida is considered ground zero for climate change, in parti.docxMiami Florida is considered ground zero for climate change, in parti.docx
Miami Florida is considered ground zero for climate change, in parti.docxjessiehampson
 
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docx
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docxMGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docx
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docxjessiehampson
 

More from jessiehampson (20)

Milestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docxMilestones Navigating Late Childhood to AdolescenceFrom the m.docx
Milestones Navigating Late Childhood to AdolescenceFrom the m.docx
 
Migration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docxMigration and RefugeesMany immigrants in the region flee persecu.docx
Migration and RefugeesMany immigrants in the region flee persecu.docx
 
Min-2 pagesThe goal is to develop a professional document, take .docx
Min-2 pagesThe goal is to develop a professional document, take .docxMin-2 pagesThe goal is to develop a professional document, take .docx
Min-2 pagesThe goal is to develop a professional document, take .docx
 
Mingzhi HuFirst Paper352020POLS 203Applicati.docx
Mingzhi HuFirst Paper352020POLS 203Applicati.docxMingzhi HuFirst Paper352020POLS 203Applicati.docx
Mingzhi HuFirst Paper352020POLS 203Applicati.docx
 
Miller, 1 Sarah Miller Professor Kristen Johnson C.docx
Miller, 1 Sarah Miller Professor Kristen Johnson C.docxMiller, 1 Sarah Miller Professor Kristen Johnson C.docx
Miller, 1 Sarah Miller Professor Kristen Johnson C.docx
 
Migrating to the Cloud Please respond to the following1. .docx
Migrating to the Cloud Please respond to the following1. .docxMigrating to the Cloud Please respond to the following1. .docx
Migrating to the Cloud Please respond to the following1. .docx
 
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docx
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docxMike, Ana, Tiffany, Josh and Annie are heading to the store to get.docx
Mike, Ana, Tiffany, Josh and Annie are heading to the store to get.docx
 
Michelle Wrote; There are several different reasons why an inter.docx
Michelle Wrote; There are several different reasons why an inter.docxMichelle Wrote; There are several different reasons why an inter.docx
Michelle Wrote; There are several different reasons why an inter.docx
 
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docx
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docxMidterm Lad Report 7Midterm Lab ReportIntroductionCell.docx
Midterm Lad Report 7Midterm Lab ReportIntroductionCell.docx
 
MicroEssay Identify a behavioral tendency that you believe.docx
MicroEssay Identify a behavioral tendency that you believe.docxMicroEssay Identify a behavioral tendency that you believe.docx
MicroEssay Identify a behavioral tendency that you believe.docx
 
MILNETVisionMILNETs vision is to leverage the diverse mili.docx
MILNETVisionMILNETs vision is to leverage the diverse mili.docxMILNETVisionMILNETs vision is to leverage the diverse mili.docx
MILNETVisionMILNETs vision is to leverage the diverse mili.docx
 
midtermAnswer all question with proper number atleast 1 and half.docx
midtermAnswer all question with proper number atleast 1 and half.docxmidtermAnswer all question with proper number atleast 1 and half.docx
midtermAnswer all question with proper number atleast 1 and half.docx
 
Midterm QuestionIs the movement towards human security a true .docx
Midterm QuestionIs the movement towards human security a true .docxMidterm QuestionIs the movement towards human security a true .docx
Midterm QuestionIs the movement towards human security a true .docx
 
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docx
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docxMGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docx
MGT526 v1Wk 2 – Apply Organizational AnalysisMGT526 v1Pag.docx
 
Microsoft Word Editing Version 1.0Software Requirement Speci.docx
Microsoft Word Editing Version 1.0Software Requirement Speci.docxMicrosoft Word Editing Version 1.0Software Requirement Speci.docx
Microsoft Word Editing Version 1.0Software Requirement Speci.docx
 
Microsoft Windows implements access controls by allowing organiz.docx
Microsoft Windows implements access controls by allowing organiz.docxMicrosoft Windows implements access controls by allowing organiz.docx
Microsoft Windows implements access controls by allowing organiz.docx
 
MGT520 Critical Thinking Writing Rubric - Module 10 .docx
MGT520 Critical Thinking Writing Rubric - Module 10 .docxMGT520 Critical Thinking Writing Rubric - Module 10 .docx
MGT520 Critical Thinking Writing Rubric - Module 10 .docx
 
Midterm PaperThe Midterm Paper is worth 100 points. It will .docx
Midterm PaperThe Midterm Paper is worth 100 points. It will .docxMidterm PaperThe Midterm Paper is worth 100 points. It will .docx
Midterm PaperThe Midterm Paper is worth 100 points. It will .docx
 
Miami Florida is considered ground zero for climate change, in parti.docx
Miami Florida is considered ground zero for climate change, in parti.docxMiami Florida is considered ground zero for climate change, in parti.docx
Miami Florida is considered ground zero for climate change, in parti.docx
 
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docx
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docxMGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docx
MGT230 v6Nordstrom Case Study AnalysisMGT230 v6Page 2 of 2.docx
 

Recently uploaded

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 

Recently uploaded (20)

mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 

Managing Riskin InformationSystemsPowered by vLab Solu.docx

  • 1. Managing Risk in Information Systems Powered by vLab Solution s JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY VERSION 2.0 INSTRUCTOR VERSION Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.
  • 2. 49 Introduction Identifying and assessing risks is challenging, but treating them is another matter entirely. Treating risks means making changes based on a risk assessment and probably a few hard decisions. When treating even the most straightforward of risks, practice due diligence by documenting what steps you are taking to mitigate the risk. If you don’t document the change and the reasoning behind it, it’s possible that your organization could reverse the mitigation and reintroduce the risk based on the notion of “but that’s how we always did it before.” After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being
  • 3. regularly applied. If a security incident arises even with the change in place, having a single person in charge will ensure that any corrective action aligns with the risk-mitigation plan. You’re not appointing someone so you can blame that person if things go wrong; you are instead investing that individual with the autonomy to manage the incident effectively. The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a baseline for ongoing mitigation of risks in the seven domains of an IT infrastructure. In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation
  • 4. steps, you will define procedures and processes needed to maintain a security baseline for ongoing mitigation, and you will create an outline for an IT risk-mitigation plan. Learning Objectives Upon completing this lab, you will be able to: Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical IT infrastructure. Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical IT infrastructure. Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure.
  • 5. Define procedures and processes needed to maintain a security baseline definition for ongoing risk mitigation in the seven domains of a typical IT infrastructure. Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical IT infrastructure. Lab #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 51 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
  • 6. www.jblearning.com Instructor Lab Manual Hands-On Steps This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 3. Review the seven domains of a typical IT infrastructure (see Figure 1). Figure 1 Seven domains of a typical IT infrastructure 4. Using the following table, review the results of your assessments in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition, review the results of how you categorized and prioritized the risks for the IT infrastructure
  • 7. in that lab: Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 52 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure Risks, Threats, and Vulnerabilities Primary Domain Impacted Risk Impact/ Factor Unauthorized access from public Internet User destroys data in application and deletes all files Hacker penetrates your IT infrastructure and gains access to your internal network Intraoffice employee romance gone bad
  • 8. Fire destroys primary data center Service provider service level agreement (SLA) is not achieved Workstation operating system (OS) has a known software vulnerability Unauthorized access to organization- owned workstations Loss of production data Denial of service attack on organization Demilitarized Zone (DMZ) and e-mail server Remote communications from home office Local Area Network (LAN) server OS has a known software vulnerability User downloads and clicks on an unknown e-mail attachment
  • 9. Workstation browser has a software vulnerability Mobile employee needs secure browser access to sales-order entry system Service provider has a major network outage Weak ingress/egress traffic-filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers Virtual Private Network (VPN) tunneling between remote computer and ingress/egress router is needed Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse
  • 10. Need to prevent eavesdropping on WLAN due to customer privacy data access Denial of service (DoS)/distributed denial of service (DDoS) attack from the Wide Area Network (WAN)/Internet Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. 53 Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Instructor Lab Manual 5. Organize the qualitative risk assessment data according to the following: Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual.
  • 11. vulnerabilities identified throughout the seven domains of a typical IT infrastructure. Fighting Fear In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop you from treating the risk. Here are two tips to fight a manager’s fear: Prepare for your manager’s “What if?” questions. Example of a manager’s question: “What if we apply the firewall but it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.” Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve
  • 12. performed, which will calculate the risk’s likelihood and consequences. 6. On your local computer, open a new Internet browser window. 7. In the address box of your Internet browser, type the URL http://www.mitre.org/publications/systems-engineering- guide/acquisition-systems- engineering/risk-management/risk-impact-assessment-and- prioritization and press Enter to open the Web site. 8. Read the article titled “Risk Impact Assessment and Prioritization.” 9. Describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan. 10. Describe the elements of an IT risk-mitigation plan outline by covering the following major topics:
  • 13. organized into the seven domains fied throughout the IT infrastructure -term remediation steps for critical “1” risks, threats, and vulnerabilities -term remediation steps for major “2” and minor “3” risks, threats, and vulnerabilities -mitigation steps for the seven domains of a typical IT infrastructure Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved.
  • 14. 54 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure mates for work effort and security solutions 11. Create a detailed IT risk-mitigation plan outline by inserting appropriate subtopics and sub-bullets. This completes the lab. Close the Web browser, if you have not already done so. Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company - All Rights Reserved. Pages from 9781284058680_ILMx_Risk20