100%(4)4 out of 4 people found this document helpful
This preview shows page 1 - 5 out of 11 pages.
Info Security & Risk Management ISOL 533-05Mukul GuptaUniversity of the CumberlandsISOL 533-05Lab#6 ReportDeveloping a Risk-Mitigation Plan Outline for an IT InfrastructureInfo Security & Risk ManagementDr. Billy Chestnut9thAug 2020
Info Security & Risk Management ISOL 533-05In your Lab report file, organize the qualitative risk assessment data according to thefollowing:Executive summaryPrioritization of identified risks, threats, and vulnerabilities identified throughout the IT infrastructure.Risks, Threats, andVulnerabilitiesPrimary Domain ImpactedRisk Impact/ FactorUnauthorized access frompublic InternetRemote Access Domain1User destroys data inapplication and deletes allfilesSystems/ ApplicationsDomain2Hacker penetrates your ITinfrastructure and gainsaccess to your internalnetworkUser Domain1IntraOffice employeeromance gone badUser Domain3Fire destroys primary datacenterSystems/ Application Domain1Service provider service levelagreement (SLA) is notachievedWAN Domain3Workstation operating system(OS) has a known softwareWorkstation Domain2
Info Security & Risk Management ISOL 533-05vulnerabilityUnauthorized access toorganization-ownedworkstationsWorkstation & User Domain3Loss of production dataSystems/ Application Domain2Denial of service attack onorganization DemilitarizedZone (DMZ) and e-mailserverLAN to WAN Domain1Remote communicationsfrom home officeRemote Access Domain2Local Area Network (LAN)server OS has a knownsoftware vulnerabilityLAN Domain1User downloads and clicks onan unknown e-mailattachmentUser Domain1Workstation browser has asoftware vulnerabilityWorkstation Domain3Mobile employee needssecure browser access tosales-order entry systemRemote Access Domain3Service provider has a majornetwork outageWAN Domain2Weak ingress/egress traffic-filtering degradesperformanceLAN to WAN Domain3User inserts CDs and USBhard drives with personalUser Domain2
Info Security & Risk Management ISOL 533-05photos, music and videos onorganization-owned computerVirtual Private Network(VPN) tunneling betweenremote computer andingress/egress router isneededLAN to WAN Domain2Wireless Local Area Network(WLAN) access points areneeded for LAN connectivitywithin a warehouseLAN Domain3Need to preventeavesdropping on WLAN dueto customer privacy dataaccessLAN Domain1Denial of service (DoS)/distributed denial of service(DDoS) attack from WideArea Network (WAN)/InternetWAN Domain1Organize all of the critical “1” risks, threats, and vulnerabilities identified throughout theseven domains of a typical IT infrastructure.