SlideShare a Scribd company logo

3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx

Download as DOCX, PDF
T
tamicawaysmith

3 ISE 510 Security Risk Analysis & Plan Week 8 HW Developing a Risk Remediation Plan 30 points <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to HW#8_LAST_FIRST A few comments up front: - The Jones and Bartlett Learning, TOPIC 4, is a valuable source of information. - I encourage you to read through the HW problems below and if you have questions *about* the problem, please ask either through the Classroom or via email. - If you are rusty on security fundamentals then now is a good time to brush up! Let me know and I can point you to refresher resources 1) The table below has a list of Risks Threats and Vulnerabilities. The primary Domain is provided. You are to place the Impact Factor based on the definitions below, and then place a likelihood factor (Low, Medium, High) based on your experience, research or insight. 1 = Critical: A risk, threat or vulnerability that impacts compliance (privacy laws requirements for securing privacy data and implementing proper security controls) and places the organization at increased liability 2 = Major: A risk, threat or vulnerability that impacts confidentiality, integrity or availability of the organization’s intellectual property assets and IT infrastructure 3 = Minor: A risk, threat or vulnerability that impacts user or employee productivity or availability of the IT infrastructure. The first one is done as an example. Rule 1: If there is a Risk Threat or Vulnerability and it has not been exploited yet, it can only have an Impact of 2 or 3. Rule 2: There are no more than ten 1’s # Risks Threats and Vulnerabilities Domain (primary) Impact Factor Likelihood Factor EX Technician (user) uses P2P file sharing on company owned PC #1 - USER domain 2 (might be 1 if it was exploited) high 1 Unauthorized access from Internet to corporate servers and applications #7 - Remote Access Domain 2 User destroys data in application and deletes all files she has access too. #6 Application domain 3 Hacker penetrates your IT infrastructure and gains access to your internal network because default password is left on router #4 LAN-to-WAN domain 4 Two employee’s relationship goes sour #1 - USER domain 5 Fire destroys data center #6 Application domain 6 Workstation OS has known vulnerabilities #2 Workstation domain 7 Internet Service provider has 2% loss of service which is below the SLA. #5 WAN Domain 8 Hacker penetrates IT system by a phishing attach #1 - USER domain 9 LAN switch has default username and password #3 - LAN Domain 10 Denial of service attack on email server #5 WAN Domain 11 User turns off screensaver on PC #1 User domain 12 Corporate Data server has no backups #6 Application domain 13 VPN tunneling between remote computer and ingress/egress router #4 LAN-to-WAN domain 14 Internet Service Provider has major outag ...

Education
1 of 9
3 ISE 510 Security Risk Analysis & Plan Week 8 HW Developing a Risk Remediation Plan 30 points <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to HW#8_LAST_FIRST A few comments up front: - The Jones and Bartlett Learning, TOPIC 4, is a valuable source of information. - I encourage you to read through the HW problems below and if you have questions *about* the problem, please ask either through the Classroom or via email. - If you are rusty on security fundamentals then now is a good time to brush up! Let me know and I can point you to refresher resources
1) The table below has a list of Risks Threats and Vulnerabilities. The primary Domain is provided. You are to place the Impact Factor based on the definitions below, and then place a likelihood factor (Low, Medium, High) based on your experience, research or insight. 1 = Critical: A risk, threat or vulnerability that impacts compliance (privacy laws requirements for securing privacy data and implementing proper security controls) and places the organization at increased liability 2 = Major: A risk, threat or vulnerability that impacts confidentiality, integrity or availability of the organization’s intellectual property assets and IT infrastructure 3 = Minor: A risk, threat or vulnerability that impacts user or employee productivity or availability of the IT infrastructure. The first one is done as an example. Rule 1: If there is a Risk Threat or Vulnerability and it has not been exploited yet, it can only have an Impact of 2 or 3. Rule 2: There are no more than ten 1’s # Risks Threats and Vulnerabilities Domain (primary) Impact Factor Likelihood Factor EX Technician (user) uses P2P file sharing on company owned PC #1 - USER domain 2 (might be 1 if it was exploited) high 1 Unauthorized access from Internet to corporate servers and applications #7 - Remote Access Domain
2 User destroys data in application and deletes all files she has access too. #6 Application domain 3 Hacker penetrates your IT infrastructure and gains access to your internal network because default password is left on router #4 LAN-to-WAN domain 4 Two employee’s relationship goes sour #1 - USER domain 5 Fire destroys data center #6 Application domain 6 Workstation OS has known vulnerabilities #2 Workstation domain 7 Internet Service provider has 2% loss of service which is below the SLA. #5 WAN Domain 8 Hacker penetrates IT system by a phishing attach
#1 - USER domain 9 LAN switch has default username and password #3 - LAN Domain 10 Denial of service attack on email server #5 WAN Domain 11 User turns off screensaver on PC #1 User domain 12 Corporate Data server has no backups #6 Application domain 13 VPN tunneling between remote computer and ingress/egress router #4 LAN-to-WAN domain 14 Internet Service Provider has major outage; no employees can access Internet #5 WAN domain 15
Web browser vulnerabilities exist on client machines #2 Workstation domain 16 A general-purpose sniffer is found on organization-controlled client PCs #2 Workstation domain 17 System admin has found DNS cache poisoning attack #5 WAN Domain 18 The Telecommunications closet where the switches and routers reside is unlocked and open because the AC is broken. #3 - LAN Domain 19 Attacker tries brute force attack against Corporate Portal #7 - Remote Access Domain 20 DDoS attack from the WAN/Internet #5 WAN Domain 21 WLAN access points are needed for LAN connectivity within warehouse #3 - LAN Domain
22 WLAN access points need to be protected from eavesdropping #3 - LAN Domain 23 Weak ingress/egress traffic filtering degrades performance #4 LAN-to-WAN domain 2) Frequency Table Looking at your table above, count the number of “High-1” and place the number in cell High-1; then High-2, High-3, Med-1 etc. repeat for all cells. The total of all the cells will be 23. Impact 1 2 3
Low Medium High Probability What can you observe about the distribution? Is this company in trouble or are they close to being secure? 3) Remediation plan For the top 3 most critical risks, threats, or vulnerabilities, give a primary and an alternate remediation course of action. The primary course of action is what you recommend to Management, the alternative is usually not as effective but cheaper. Be sure to consider cost in your recommendation to Management. Use references on each. 3-1. State the risk, threat, or vulnerability here Primary: Alternate: 3-2. State the risk, threat, or vulnerability here Primary: Alternate: 3-3. State the risk, threat, or vulnerability here Primary: Alternate: 4) General Questions regarding Risk-Mitigation: a) What risk-mitigation solutions do you recommend for the problem of: User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned
computers? b) Why is Continuity of Operations an important risk-mitigation requirement? c) Why is the Remote Access Domain the most risk-prone of all in a typical IT infrastructure? d) When considering the implementation of software updates, software patches, and software fixes, why must you test the upgrade or software patch before you implement it? Appendix - Seven major areas of risk in IT infrastructure From: Jones and Bartlett Learning, TOPIC 1. Q: What are the major areas of risk in IT infrastructure? See Image below. A: The seven domains of the typical IT infrastructure are the major areas of risk. 1. USER: The user domain risk areas include user names, passwords, biometric or other authentication, and social engineering. 2. WORKSTATION: In the workstation domain, the risk areas include end user systems, laptops, desktops, and cells phones. The “desktop domain” where most users enter the IT infrastructure 3. LAN: In the local area network (LAN) domain, the risk areas include the equipment required to create an internal LAN, such as hubs, switches, and media. Small network organized by function or department, allowing access to all resources on the LANs.
4. LAN-to-WAN: The risk areas in the LAN-to-wide area network (WAN) domain include the transition area between the LAN and the WAN, including the router and the firewall. The point at which the IT infrastructure joins a WAN and the Internet 5. WAN: The WAN domain risk areas include the routers and circuits connecting the WAN. The point at which the WAN connects to other WANs via the Internet 6. APPLICATION: In the system, or application, domain, the risk areas include the applications you run on your network, such as e-mail, database, and Web applications. Holds all of the mission-critical systems, applications, and data 7. REMOTE ACCESS: The risk areas in the remote access domain include applications, such as a virtual private network (VPN) to guide remote or travelling users. Connects remote employees and partners to the IT infrastructure Seven major areas of risk in IT infrastructure

Recommended

1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docxstilliegeorgiana
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcKristen Wilson
 
shawn.rainbolt.it240.finalproject.week9
shawn.rainbolt.it240.finalproject.week9shawn.rainbolt.it240.finalproject.week9
shawn.rainbolt.it240.finalproject.week9Shawn Rainbolt
 
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docx
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docxNT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docx
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docxhenrymartin15260
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 

Recommended

1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docx1. On your local computer, create a new document. You will use.docx
1. On your local computer, create a new document. You will use.docxstilliegeorgiana
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxoswald1horne84988
 
Advantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcAdvantages And Disadvantages Of Nc
Advantages And Disadvantages Of NcKristen Wilson
 
shawn.rainbolt.it240.finalproject.week9
shawn.rainbolt.it240.finalproject.week9shawn.rainbolt.it240.finalproject.week9
shawn.rainbolt.it240.finalproject.week9Shawn Rainbolt
 
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docx
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docxNT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docx
NT2580 Week 4 Hardening a NetworkAnalysis 4.2Availability, In.docxhenrymartin15260
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxlorainedeserre
 
27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docx27 Introduction Risk management begins with first .docx
27 Introduction Risk management begins with first .docxvickeryr87
 
1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docx1 Introduction The task of identifying risks in an.docx
1 Introduction The task of identifying risks in an.docxjeremylockett77
 
Week3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docxWeek3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docxhelzerpatrina
 
Dr3150012012202 1.getting started
Dr3150012012202 1.getting startedDr3150012012202 1.getting started
Dr3150012012202 1.getting startedNamgu Jeong
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentalsJassika
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPace IT at Edmonds Community College
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final showahmad abdelhafeez
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
WAN Design Project
WAN Design ProjectWAN Design Project
WAN Design ProjectD Ther Htun
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10Gaurav Narwani
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Tương Hoàng
 
PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)Pace IT at Edmonds Community College
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
cloud computing final year project
cloud computing final year projectcloud computing final year project
cloud computing final year projectAmeya Vashishth
 
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptxU11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx14941
 
WEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docxWEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docxwrite5
 
Application Of An Operating System Security
Application Of An Operating System SecurityApplication Of An Operating System Security
Application Of An Operating System SecurityAmber Wheeler
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 
Measuring black boxes
Measuring black boxesMeasuring black boxes
Measuring black boxesPhil Huggins FBCS CITP
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.comIJERD Editor
 
(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docx(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docxtamicawaysmith
 
 What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docx What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docxtamicawaysmith
 

More Related Content

Similar to 3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx

Week3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docxWeek3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docxhelzerpatrina
 
Dr3150012012202 1.getting started
Dr3150012012202 1.getting startedDr3150012012202 1.getting started
Dr3150012012202 1.getting startedNamgu Jeong
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentalsJassika
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present DangersPeter Wood
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUESEMERSON EDUARDO RODRIGUES
 
WAN Design Project
WAN Design ProjectWAN Design Project
WAN Design ProjectD Ther Htun
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Tương Hoàng
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
cloud computing final year project
cloud computing final year projectcloud computing final year project
cloud computing final year projectAmeya Vashishth
 
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptxU11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx14941
 
WEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docxWEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docxwrite5
 
Application Of An Operating System Security
Application Of An Operating System SecurityApplication Of An Operating System Security
Application Of An Operating System SecurityAmber Wheeler
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsLondon School of Cyber Security
 

Similar to 3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx (20)

Week3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docxWeek3Project Part 1-Task 2 – Risk Assessment.docx
Week3Project Part 1-Task 2 – Risk Assessment.docx
 
Dr3150012012202 1.getting started
Dr3150012012202 1.getting startedDr3150012012202 1.getting started
Dr3150012012202 1.getting started
 
report on network security fundamentals
report on network security fundamentalsreport on network security fundamentals
report on network security fundamentals
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Cloud computing final show
Cloud computing final showCloud computing final show
Cloud computing final show
 
Network Security - Real and Present Dangers
Network Security - Real and Present DangersNetwork Security - Real and Present Dangers
Network Security - Real and Present Dangers
 
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUEScompTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
compTIA guide to get the CERTIFICATION EMERSON EDUARDO RODRIGUES
 
WAN Design Project
WAN Design ProjectWAN Design Project
WAN Design Project
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
Analysis of network_security_threats_and_vulnerabilities_by_development__impl...
 
PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)PACE-IT: Common Threats (part 1)
PACE-IT: Common Threats (part 1)
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
cloud computing final year project
cloud computing final year projectcloud computing final year project
cloud computing final year project
 
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptxU11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
 
WEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docxWEEK 6 RESPONSES.docx
WEEK 6 RESPONSES.docx
 
Application Of An Operating System Security
Application Of An Operating System SecurityApplication Of An Operating System Security
Application Of An Operating System Security
 
How To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and ForensicsHow To Defeat Advanced Malware. New Tools for Protection and Forensics
How To Defeat Advanced Malware. New Tools for Protection and Forensics
 
Measuring black boxes
Measuring black boxesMeasuring black boxes
Measuring black boxes
 
www.ijerd.com
www.ijerd.comwww.ijerd.com
www.ijerd.com
 

More from tamicawaysmith

(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docx(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docxtamicawaysmith
 
 What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docx What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docxtamicawaysmith
 
 Patient Population The student will describe the patient populati.docx
 Patient Population The student will describe the patient populati.docx Patient Population The student will describe the patient populati.docx
 Patient Population The student will describe the patient populati.docxtamicawaysmith
 
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docxtamicawaysmith
 
 In depth analysis of your physical fitness progress  Term p.docx
 In depth analysis of your physical fitness progress  Term p.docx In depth analysis of your physical fitness progress  Term p.docx
 In depth analysis of your physical fitness progress  Term p.docxtamicawaysmith
 
 Information systems infrastructure evolution and trends  Str.docx
 Information systems infrastructure evolution and trends  Str.docx Information systems infrastructure evolution and trends  Str.docx
 Information systems infrastructure evolution and trends  Str.docxtamicawaysmith
 
⦁One to two paragraph brief summary of the book. ⦁Who is the.docx
⦁One to two paragraph brief summary of the book. ⦁Who is the.docx⦁One to two paragraph brief summary of the book. ⦁Who is the.docx
⦁One to two paragraph brief summary of the book. ⦁Who is the.docxtamicawaysmith
 
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docxtamicawaysmith
 
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docxtamicawaysmith
 
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docxtamicawaysmith
 
1003Violence Against WomenVolume 12 Number 11Novembe.docx
1003Violence Against WomenVolume 12 Number 11Novembe.docx1003Violence Against WomenVolume 12 Number 11Novembe.docx
1003Violence Against WomenVolume 12 Number 11Novembe.docxtamicawaysmith
 
102120151De-Myth-tifying Grading in Sp.docx
102120151De-Myth-tifying Grading in Sp.docx102120151De-Myth-tifying Grading in Sp.docx
102120151De-Myth-tifying Grading in Sp.docxtamicawaysmith
 
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docxtamicawaysmith
 
100 words agree or disagree to eac questions Q 1.As her .docx
100 words agree or disagree to eac questions Q 1.As her .docx100 words agree or disagree to eac questions Q 1.As her .docx
100 words agree or disagree to eac questions Q 1.As her .docxtamicawaysmith
 
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docxtamicawaysmith
 
100 words per question, no references needed or quotations. Only a g.docx
100 words per question, no references needed or quotations. Only a g.docx100 words per question, no references needed or quotations. Only a g.docx
100 words per question, no references needed or quotations. Only a g.docxtamicawaysmith
 
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docxtamicawaysmith
 
10122018Week 5 Required Reading and Supplementary Materials - .docx
10122018Week 5 Required Reading and Supplementary Materials - .docx10122018Week 5 Required Reading and Supplementary Materials - .docx
10122018Week 5 Required Reading and Supplementary Materials - .docxtamicawaysmith
 
101416 526 PMAfter September 11 Our State of Exception by .docx
101416 526 PMAfter September 11 Our State of Exception by .docx101416 526 PMAfter September 11 Our State of Exception by .docx
101416 526 PMAfter September 11 Our State of Exception by .docxtamicawaysmith
 
100 words per question, no references needed or quotations. Only.docx
100 words per question, no references needed or quotations. Only.docx100 words per question, no references needed or quotations. Only.docx
100 words per question, no references needed or quotations. Only.docxtamicawaysmith
 

More from tamicawaysmith (20)

(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docx(No Plagiarism) Explain the statement Although many leading organi.docx
(No Plagiarism) Explain the statement Although many leading organi.docx
 
 What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docx What made you choose this career path What advice do you hav.docx
 What made you choose this career path What advice do you hav.docx
 
 Patient Population The student will describe the patient populati.docx
 Patient Population The student will describe the patient populati.docx Patient Population The student will describe the patient populati.docx
 Patient Population The student will describe the patient populati.docx
 
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx
 Dr. Paul Murray  Bessie Coleman  Jean-Bapiste Bell.docx
 
 In depth analysis of your physical fitness progress  Term p.docx
 In depth analysis of your physical fitness progress  Term p.docx In depth analysis of your physical fitness progress  Term p.docx
 In depth analysis of your physical fitness progress  Term p.docx
 
 Information systems infrastructure evolution and trends  Str.docx
 Information systems infrastructure evolution and trends  Str.docx Information systems infrastructure evolution and trends  Str.docx
 Information systems infrastructure evolution and trends  Str.docx
 
⦁One to two paragraph brief summary of the book. ⦁Who is the.docx
⦁One to two paragraph brief summary of the book. ⦁Who is the.docx⦁One to two paragraph brief summary of the book. ⦁Who is the.docx
⦁One to two paragraph brief summary of the book. ⦁Who is the.docx
 
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx
101018, 6(27 PMPage 1 of 65httpsjigsaw.vitalsource.co.docx
 
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx
100.0 Criteria10.0 Part 1 PLAAFP The PLAAFP thoroughly an.docx
 
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx
100635307FLORIDABUILDINGCODE Sixth Edition(2017).docx
 
1003Violence Against WomenVolume 12 Number 11Novembe.docx
1003Violence Against WomenVolume 12 Number 11Novembe.docx1003Violence Against WomenVolume 12 Number 11Novembe.docx
1003Violence Against WomenVolume 12 Number 11Novembe.docx
 
102120151De-Myth-tifying Grading in Sp.docx
102120151De-Myth-tifying Grading in Sp.docx102120151De-Myth-tifying Grading in Sp.docx
102120151De-Myth-tifying Grading in Sp.docx
 
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx
100.0 Criteria30.0 Flowchart ContentThe flowchart skillful.docx
 
100 words agree or disagree to eac questions Q 1.As her .docx
100 words agree or disagree to eac questions Q 1.As her .docx100 words agree or disagree to eac questions Q 1.As her .docx
100 words agree or disagree to eac questions Q 1.As her .docx
 
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx
101118, 4(36 PMCollection – MSA 603 Strategic Planning for t.docx
 
100 words per question, no references needed or quotations. Only a g.docx
100 words per question, no references needed or quotations. Only a g.docx100 words per question, no references needed or quotations. Only a g.docx
100 words per question, no references needed or quotations. Only a g.docx
 
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx
100A 22 4 451A 1034 51B 1000 101C 1100 11D 112.docx
 
10122018Week 5 Required Reading and Supplementary Materials - .docx
10122018Week 5 Required Reading and Supplementary Materials - .docx10122018Week 5 Required Reading and Supplementary Materials - .docx
10122018Week 5 Required Reading and Supplementary Materials - .docx
 
101416 526 PMAfter September 11 Our State of Exception by .docx
101416 526 PMAfter September 11 Our State of Exception by .docx101416 526 PMAfter September 11 Our State of Exception by .docx
101416 526 PMAfter September 11 Our State of Exception by .docx
 
100 words per question, no references needed or quotations. Only.docx
100 words per question, no references needed or quotations. Only.docx100 words per question, no references needed or quotations. Only.docx
100 words per question, no references needed or quotations. Only.docx
 

Recently uploaded

Ernest Hemingway's For Whom the Bell Tolls
Ernest Hemingway's For Whom the Bell TollsErnest Hemingway's For Whom the Bell Tolls
Ernest Hemingway's For Whom the Bell TollsPallavi Parmar
 
Rich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdfRich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdfJerry Chew
 
8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital Management8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital ManagementMBA Assignment Experts
 
e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopale-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi RajagopalEADTU
 
How to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptxHow to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptxCeline George
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...EduSkills OECD
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxannathomasp01
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxCeline George
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...Nguyen Thanh Tu Collection
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17Celine George
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...EADTU
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSAnaAcapella
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxneillewis46
 
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxMichaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxRugvedSathawane
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...Gary Wood
 
How to Send Pro Forma Invoice to Your Customers in Odoo 17
How to Send Pro Forma Invoice to Your Customers in Odoo 17How to Send Pro Forma Invoice to Your Customers in Odoo 17
How to Send Pro Forma Invoice to Your Customers in Odoo 17Celine George
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Celine George
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonhttgc7rh9c
 

Recently uploaded (20)

Ernest Hemingway's For Whom the Bell Tolls
Ernest Hemingway's For Whom the Bell TollsErnest Hemingway's For Whom the Bell Tolls
Ernest Hemingway's For Whom the Bell Tolls
 
Rich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdfRich Dad Poor Dad ( PDFDrive.com )--.pdf
Rich Dad Poor Dad ( PDFDrive.com )--.pdf
 
8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital Management8 Tips for Effective Working Capital Management
8 Tips for Effective Working Capital Management
 
e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopale-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopal
 
How to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptxHow to Manage Website in Odoo 17 Studio App.pptx
How to Manage Website in Odoo 17 Studio App.pptx
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
What is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptxWhat is 3 Way Matching Process in Odoo 17.pptx
What is 3 Way Matching Process in Odoo 17.pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptxMichaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
Michaelis Menten Equation and Estimation Of Vmax and Tmax.pptx
 
OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...
 
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...
 
How to Send Pro Forma Invoice to Your Customers in Odoo 17
How to Send Pro Forma Invoice to Your Customers in Odoo 17How to Send Pro Forma Invoice to Your Customers in Odoo 17
How to Send Pro Forma Invoice to Your Customers in Odoo 17
 
Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17Model Attribute _rec_name in the Odoo 17
Model Attribute _rec_name in the Odoo 17
 
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lessonQUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
QUATER-1-PE-HEALTH-LC2- this is just a sample of unpacked lesson
 

3 ISE 510 Security Risk Analysis & Plan Week 8 HW De.docx

  • 1. 3 ISE 510 Security Risk Analysis & Plan Week 8 HW Developing a Risk Remediation Plan 30 points <Last Name, First Name> Due <DATE> Submitted on <DATE> If late let me know why: ===================================== Delete these instructions in blue font before submission: Change file name to HW#8_LAST_FIRST A few comments up front: - The Jones and Bartlett Learning, TOPIC 4, is a valuable source of information. - I encourage you to read through the HW problems below and if you have questions *about* the problem, please ask either through the Classroom or via email. - If you are rusty on security fundamentals then now is a good time to brush up! Let me know and I can point you to refresher resources
  • 2. 1) The table below has a list of Risks Threats and Vulnerabilities. The primary Domain is provided. You are to place the Impact Factor based on the definitions below, and then place a likelihood factor (Low, Medium, High) based on your experience, research or insight. 1 = Critical: A risk, threat or vulnerability that impacts compliance (privacy laws requirements for securing privacy data and implementing proper security controls) and places the organization at increased liability 2 = Major: A risk, threat or vulnerability that impacts confidentiality, integrity or availability of the organization’s intellectual property assets and IT infrastructure 3 = Minor: A risk, threat or vulnerability that impacts user or employee productivity or availability of the IT infrastructure. The first one is done as an example. Rule 1: If there is a Risk Threat or Vulnerability and it has not been exploited yet, it can only have an Impact of 2 or 3. Rule 2: There are no more than ten 1’s # Risks Threats and Vulnerabilities Domain (primary) Impact Factor Likelihood Factor EX Technician (user) uses P2P file sharing on company owned PC #1 - USER domain 2 (might be 1 if it was exploited) high 1 Unauthorized access from Internet to corporate servers and applications #7 - Remote Access Domain
  • 3. 2 User destroys data in application and deletes all files she has access too. #6 Application domain 3 Hacker penetrates your IT infrastructure and gains access to your internal network because default password is left on router #4 LAN-to-WAN domain 4 Two employee’s relationship goes sour #1 - USER domain 5 Fire destroys data center #6 Application domain 6 Workstation OS has known vulnerabilities #2 Workstation domain 7 Internet Service provider has 2% loss of service which is below the SLA. #5 WAN Domain 8 Hacker penetrates IT system by a phishing attach
  • 4. #1 - USER domain 9 LAN switch has default username and password #3 - LAN Domain 10 Denial of service attack on email server #5 WAN Domain 11 User turns off screensaver on PC #1 User domain 12 Corporate Data server has no backups #6 Application domain 13 VPN tunneling between remote computer and ingress/egress router #4 LAN-to-WAN domain 14 Internet Service Provider has major outage; no employees can access Internet #5 WAN domain 15
  • 5. Web browser vulnerabilities exist on client machines #2 Workstation domain 16 A general-purpose sniffer is found on organization-controlled client PCs #2 Workstation domain 17 System admin has found DNS cache poisoning attack #5 WAN Domain 18 The Telecommunications closet where the switches and routers reside is unlocked and open because the AC is broken. #3 - LAN Domain 19 Attacker tries brute force attack against Corporate Portal #7 - Remote Access Domain 20 DDoS attack from the WAN/Internet #5 WAN Domain 21 WLAN access points are needed for LAN connectivity within warehouse #3 - LAN Domain
  • 6. 22 WLAN access points need to be protected from eavesdropping #3 - LAN Domain 23 Weak ingress/egress traffic filtering degrades performance #4 LAN-to-WAN domain 2) Frequency Table Looking at your table above, count the number of “High-1” and place the number in cell High-1; then High-2, High-3, Med-1 etc. repeat for all cells. The total of all the cells will be 23. Impact 1 2 3
  • 7. Low Medium High Probability What can you observe about the distribution? Is this company in trouble or are they close to being secure? 3) Remediation plan For the top 3 most critical risks, threats, or vulnerabilities, give a primary and an alternate remediation course of action. The primary course of action is what you recommend to Management, the alternative is usually not as effective but cheaper. Be sure to consider cost in your recommendation to Management. Use references on each. 3-1. State the risk, threat, or vulnerability here Primary: Alternate: 3-2. State the risk, threat, or vulnerability here Primary: Alternate: 3-3. State the risk, threat, or vulnerability here Primary: Alternate: 4) General Questions regarding Risk-Mitigation: a) What risk-mitigation solutions do you recommend for the problem of: User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned
  • 8. computers? b) Why is Continuity of Operations an important risk-mitigation requirement? c) Why is the Remote Access Domain the most risk-prone of all in a typical IT infrastructure? d) When considering the implementation of software updates, software patches, and software fixes, why must you test the upgrade or software patch before you implement it? Appendix - Seven major areas of risk in IT infrastructure From: Jones and Bartlett Learning, TOPIC 1. Q: What are the major areas of risk in IT infrastructure? See Image below. A: The seven domains of the typical IT infrastructure are the major areas of risk. 1. USER: The user domain risk areas include user names, passwords, biometric or other authentication, and social engineering. 2. WORKSTATION: In the workstation domain, the risk areas include end user systems, laptops, desktops, and cells phones. The “desktop domain” where most users enter the IT infrastructure 3. LAN: In the local area network (LAN) domain, the risk areas include the equipment required to create an internal LAN, such as hubs, switches, and media. Small network organized by function or department, allowing access to all resources on the LANs.
  • 9. 4. LAN-to-WAN: The risk areas in the LAN-to-wide area network (WAN) domain include the transition area between the LAN and the WAN, including the router and the firewall. The point at which the IT infrastructure joins a WAN and the Internet 5. WAN: The WAN domain risk areas include the routers and circuits connecting the WAN. The point at which the WAN connects to other WANs via the Internet 6. APPLICATION: In the system, or application, domain, the risk areas include the applications you run on your network, such as e-mail, database, and Web applications. Holds all of the mission-critical systems, applications, and data 7. REMOTE ACCESS: The risk areas in the remote access domain include applications, such as a virtual private network (VPN) to guide remote or travelling users. Connects remote employees and partners to the IT infrastructure Seven major areas of risk in IT infrastructure