Scribd
Upload
28 views

Lab 1: IAA

The document analyzes risks, threats, and vulnerabilities across different domains of an IT infrastructure for a healthcare organization. It identifies that the LAN-to-WAN domain had the greatest number of issues and determines the risk impact of specific threats in that domain such as a hacker gaining internal network access would be critical. It also quantifies threats in each domain and identifies that web content filters should be implemented in the LAN-to-WAN domain and software vulnerability assessments are needed in the workstation, LAN, and system/application domains.

Uploaded by

Nguyen Thanh Trung (K16HL)
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
28 views

Lab 1: IAA

The document analyzes risks, threats, and vulnerabilities across different domains of an IT infrastructure for a healthcare organization. It identifies that the LAN-to-WAN domain had the greatest number of issues and determines the risk impact of specific threats in that domain such as a hacker gaining internal network access would be critical. It also quantifies threats in each domain and identifies that web content filters should be implemented in the LAN-to-WAN domain and software vulnerability assessments are needed in the workstation, LAN, and system/application domains.

Uploaded by

Nguyen Thanh Trung (K16HL)
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Lab #1: Assessment Worksheet

Part A – List of Risks, Threats, and

Vulnerabilities Commonly Found in an IT

Infrastructure

Course Name: HE161772

Student Name: Nguyễn Thành Trung__________________

Lab Due Date:

Overview

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing
patients with life-threatening situations. Given the list, select which of the seven domains of a typical
IT infrastructure is primarily impacted by the risk, threat, or vulnerability.

Risk – Threat – Vulnerability Primary Domain Impacted

Unauthorized access from public Internet Remote Access Domain

System/Application Domain
User destroys data in application and deletes
all files

Lan-to-Wan Domain
Hacker penetrates your IT infrastructure
and gains access to your internal network

Intra-office employee romance gone bad User Domain

Fire destroys primary data center System/Application Domain

Communication circuit outages Wan Domain

Workstation OS has a known software vulnerability Workstation Domain


Unauthorized access to organization owned Workstation Domain
Workstations
Loss of production data System/Application Domain

Denial of service attack on organization e-mail Lan-to-Wan Domain


Server
Remote communications from home office Remote Access Domain

LAN server OS has a known software vulnerability Lan Domain

User downloads an unknown e –mail attachment User Domain

Workstation browser has software vulnerability Workstation Domain

Service provider has a major network outage Wan Domain

Weak ingress/egress traffic filtering degrades Lan-to-Wan Domain


Performance

User inserts CDs and USB hard drives with User Domain
personal photos, music, and videos on organization
owned computers

VPN tunneling between remote computer and Lan-to-Wan Domain


ingress/egress router

WLAN access points are needed for LAN Lan Domain


connectivity within a warehouse

Need to prevent rogue users from unauthorized Lan Domain


WLAN access

Part B – List of Risks, Threats, and Vulnerabilities


Given the scenario of a healthcare organization, answer the following Lab #1 assessment questions
from a risk management perspective:

1. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN-to-WAN Domain

2. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign
to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the
healthcare and HIPPA compliance scenario?
`
Hacker penetrates IT infrastructure and gains access to your internal network: Critical, PHI can be
compromised Denial of service attack on organization's e-mail server: Minor, can be mitigated Weak
ingress/egress traffic filtering degrades performance: Minor, can be mitigated VPN tunneling
between the remote computer and ingress/egress router: Major, if electronic protected health
information (ePHI) is being accessed remotely

3. How many threats and vulnerabilities did you find that impacted risk within each of the
seven domains of a typical IT infrastructure?
User Domain: 3
Workstation Domain: 3
LAN Domain: 3
LAN-to-WAN Domain: 4
WAN Domain: 2
Remote Access Domain: 2
Systems/Application Domain: 3

4. In which domain do you implement web content filters?


LAN-to-WAN Domain

5. Which domains need software vulnerability assessments to mitigate risk from


software vulnerabilities?
Workstation Domain (workstation, corporate-issued mobile devices) LAN
Domain (regarding the network devices) System/Application Domain (servers,
storage area network (SAN), network attached storage (NAS), backup devic

You might also like