Part B - Identify Threats and Vulnerabilities in an IT Infrastructure

Identify Threats and Vulnerabilities in an IT Infrastructure
Managing Risk in Information Systems

JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

LABORATORY MANUAL TO ACCOMPANY

VERSION 2.0

INSTRUCTOR VERSION

Introduction

The task of identifying risks in an IT environment can become overwhelming. Once your mind

starts asking what if? about one IT area, you quickly begin to grasp how many

vulnerabilities exist across the IT spectrum. It may seem impossible to systematically search for

risks across the whole IT environment.

Thankfully, a solution is at hand that simplifies identifying threats and vulnerabilities in an IT

infrastructure. That method is to divide the infrastructure into the seven domains: Wide Area

Network (WAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Local Area

Network (LAN), Workstation, User, System/Application, and Remote Access. Systematically

tackling the seven individual domains of a typical IT infrastructure helps you organize the roles,

responsibilities, and accountabilities for risk management and risk mitigation.

In this lab, you will identify known risks, threats, and vulnerabilities, and you will organize

them. Finally, you will map these risks to the domain that was impacted from a risk management

perspective.

Learning Objectives

Upon completing this lab, you will be able to:

Identify common risks, threats, and vulnerabilities found throughout the seven domains of a

typical IT infrastructure.

Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT

infrastructure.

Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the

organization from a risk-assessment perspective.

Prioritize the identified critical, major, and minor risks, threats, and software vulnerabilities

found throughout the seven domains of a typical IT infrastructure.

Lab #1 Identifying Threats and Vulnerabilities in an IT Infrastructure

4 | LAB #1 Identifying Threats and Vulnerabilities in an IT Infrastructure

Risks, Threats, and Vulnerabilities Primary Domain Impacted

Unauthorized access from public Internet

Hacker penetrates IT infrastructure through modem bank

Communication circuit outages

Workstation operating system (OS) has a known software vulnerability

Denial of service attack on organizations e- mail server

Remote communications from home office

Workstation browser has software vulnerability

Weak ingress/egress traffic-filtering degrades performance

Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse

Need to prevent rogue users from unauthorized WLAN access

Doctor destroys data in application, deletes all files, and gains access to internal network

Fire destroys primary data center

Intraoffice employee romance gone bad

Loss of production data server

Unauthorized access to organization-owned workstations

LAN server OS has a known software vulnerability

Nurse downloads an unknown e-mail attachment

Service provider has a major network outage

A technician inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers

Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

?Note: Some risks will affect multiple IT domains. In fact, in real-world environments, risks and their direct consequences will most likely span across several domains. This is a big reason to implement controls in more than one domain to mitigate those risks. However, for the exercise in step 6 that follows, consider and select only the domain that would be most affected.

Subsequent next steps in the real world include selecting, implementing, and testing controls to minimize or eliminate those risks. Remember that a risk can be responded to in one of four ways: accept it, treat it (minimize it), avoid it, or transfer it (for example, outsource or insurance).

Pages from 9781284058680_ILMx_Risk20

Our Service Charter

1. Professional & Expert Writers: Blackboard Experts only hires the best. Our writers are specially selected and recruited, after which they undergo further training to perfect their skills for specialization purposes. Moreover, our writers are holders of masters and Ph.D. degrees. They have impressive academic records, besides being native English speakers.

2. Top Quality Papers: Our customers are always guaranteed of papers that exceed their expectations. All our writers have +5 years of experience. This implies that all papers are written by individuals who are experts in their fields. In addition, the quality team reviews all the papers before sending them to the customers.

3. Plagiarism-Free Papers: All papers provided by Blackboard Experts are written from scratch. Appropriate referencing and citation of key information are followed. Plagiarism checkers are used by the Quality assurance team and our editors just to double-check that there are no instances of plagiarism.

4. Timely Delivery: Time wasted is equivalent to a failed dedication and commitment. Blackboard Experts is known for timely delivery of any pending customer orders. Customers are well informed of the progress of their papers to ensure they keep track of what the writer is providing before the final draft is sent for grading.

5. Affordable Prices: Our prices are fairly structured to fit in all groups. Any customer willing to place their assignments with us can do so at very affordable prices. In addition, our customers enjoy regular discounts and bonuses.

6. 24/7 Customer Support: At Blackboard Experts, we have put in place a team of experts who answer to all customer inquiries promptly. The best part is the ever-availability of the team. Customers can make inquiries anytime.

Part B – Identify Threats and Vulnerabilities in an IT Infrastructure

Part B – Identify Threats and Vulnerabilities in an IT Infrastructure

Our Service Charter

Recent Posts

Recent Comments