Risk Threat Vulnerability free essay sample

User destroys data in application and deletesLANHigh all files Hacker penetrates your IT infrastructure and gains access to your internal network System / ApplicationsHigh Intra-office employee romance gone badUser DomainLow Fire destroys primary data centerLan DomainHigh Service provider SLA is not achieved System / ApplicationsLow Workstation OS has a known softwareLAN – WANMedium vulnerability Unauthorized access to organization owned User DomainHigh workstations Risk – Threat – VulnerabilityPrimary Domain ImpactedRisk Impact/Factor Loss of production dataLANHigh Denial of service attack on organization DMZ and e-mail serverLAN –WANHigh Remote communications from home office LAN server OS has a known software vulnerability User downloads and clicks on an unknown unknown e-mail attachment Workstation browser has software vulnerability Mobile employee needs secure browser access to sales order entry system Service provider has a major network outage Weak ingress/egress traffic filtering degrades performance User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers VPN tunneling between remote computer nd ingress/egress router is needed WLAN access points are needed for LAN connectivity within a warehouse Need to prevent eavesdropping on WLAN due to customer privacy data access DoS/DDoS attack from the WAN/Internet 2. We will write a custom essay sample on Risk Threat Vulnerability or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a â€Å"1†, â€Å"2†, and â€Å"3† next to each risk, threat, vulnerability in the â€Å"Risk Impact/Factor† column. â€Å"1† = Critical, â€Å"2† = Major, â€Å"3† = Minor. Use the following qualitative risk impact/risk factor metrics: â€Å"1† Critical – a risk, threat, or vulnerability that impacts compliance (i. . , privacy law requirement for securing privacy data and implementing proper security controls, etc. ) and places the organization in a position of increased liability â€Å"2†Major – a risk, threat, or vulnerability that impacts the C-I-A of an organization’s intellectual property assets and IT infrastructure â€Å"3†Minor – a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure 3. Craft an executive summary for ma nagement using the following 4-paragraph format. The executive summary must address the following topics: * Purpose of the risk assessment amp; summary of risks, threats, and vulnerabilities found throughout the IT infrastructure * Prioritization of critical, major, minor risk assessment elements * Risk assessment and risk impact summary * Recommendations and next steps Week 2 Lab: Assessment Worksheet Perform a Qualitative Risk Assessment for an IT Infrastructure Overview Answer the following Assessment Worksheet questions pertaining to your qualitative IT risk assessment you performed. Lab Assessment Questions amp; Answers . What is the goal or objective of an IT risk assessment? 2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure? 3. What was your rationale in assigning â€Å"1† risk impact/ risk factor value of â€Å"Critical† for an identified risk, threat, or vulnerability? 4. When you assembled all of the â€Å"1† and â€Å"2† and â€Å"3† risk impact/ri sk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the â€Å"1†, â€Å"2†, and â€Å"3† risk elements? What would you say to executive management in regards to your final recommended prioritization?