3 ISE 510 Security Risk Analysis & Plan Week 8 HW Developing a Risk Remediation Plan 30 points <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to HW#8_LAST_FIRST A few comments up front: - The Jones and Bartlett Learning, TOPIC 4, is a valuable source of information. - I encourage you to read through the HW problems below and if you have questions *about* the problem, please ask either through the Classroom or via email. - If you are rusty on security fundamentals then now is a good time to brush up! Let me know and I can point you to refresher resources 1) The table below has a list of Risks Threats and Vulnerabilities. The primary Domain is provided. You are to place the Impact Factor based on the definitions below, and then place a likelihood factor (Low, Medium, High) based on your experience, research or insight. 1 = Critical: A risk, threat or vulnerability that impacts compliance (privacy laws requirements for securing privacy data and implementing proper security controls) and places the organization at increased liability 2 = Major: A risk, threat or vulnerability that impacts confidentiality, integrity or availability of the organization’s intellectual property assets and IT infrastructure 3 = Minor: A risk, threat or vulnerability that impacts user or employee productivity or availability of the IT infrastructure. The first one is done as an example. Rule 1: If there is a Risk Threat or Vulnerability and it has not been exploited yet, it can only have an Impact of 2 or 3. Rule 2: There are no more than ten 1’s # Risks Threats and Vulnerabilities Domain (primary) Impact Factor Likelihood Factor EX Technician (user) uses P2P file sharing on company owned PC #1 - USER domain 2 (might be 1 if it was exploited) high 1 Unauthorized access from Internet to corporate servers and applications #7 - Remote Access Domain 2 User destroys data in application and deletes all files she has access too. #6 Application domain 3 Hacker penetrates your IT infrastructure and gains access to your internal network because default password is left on router #4 LAN-to-WAN domain 4 Two employee’s relationship goes sour #1 - USER domain 5 Fire destroys data center #6 Application domain 6 Workstation OS has known vulnerabilities #2 Workstation domain 7 Internet Service provider has 2% loss of service which is below the SLA. #5 WAN Domain 8 Hacker penetrates IT system by a phishing attach #1 - USER domain 9 LAN switch has default username and password #3 - LAN Domain 10 Denial of service attack on email server #5 WAN Domain 11 User turns off screensaver on PC #1 User domain 12 Corporate Data server has no backups #6 Application domain 13 VPN tunneling between remote computer and ingress/egress router #4 LAN-to-WAN domain 14 Internet Service Provider has major outag ...