Scribd
Upload
59 views

Lab #1

The document summarizes a lab assessment worksheet for a healthcare organization's IT infrastructure risks. It identifies risks, threats and vulnerabilities across seven domains: remote access, system/application, LAN-to-WAN, user, workstation, LAN, and WAN. The LAN-to-WAN domain had the greatest number of issues. Two risks to the LAN-to-WAN domain from a hacker and denial of service attack were identified as critical and minor respectively. Software vulnerability assessments are needed for the workstation, LAN, and system/application domains. Web content filters should be implemented in the LAN-to-WAN domain.

Uploaded by

Trần Mỹ Linh
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
59 views

Lab #1

The document summarizes a lab assessment worksheet for a healthcare organization's IT infrastructure risks. It identifies risks, threats and vulnerabilities across seven domains: remote access, system/application, LAN-to-WAN, user, workstation, LAN, and WAN. The LAN-to-WAN domain had the greatest number of issues. Two risks to the LAN-to-WAN domain from a hacker and denial of service attack were identified as critical and minor respectively. Software vulnerability assessments are needed for the workstation, LAN, and system/application domains. Web content filters should be implemented in the LAN-to-WAN domain.

Uploaded by

Trần Mỹ Linh
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Lab #1: Assessment Worksheet

Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in


an IT Infrastructure
Course Name: IAA202_______________________________________
Student Name: Trần Mỹ Linh, Lê Mạnh Hải_______________________
Instructor Name: Hồ Kim Cường_______________________________
Lab due date :______________________________________________
Overview
The following risks, threats, and vulnerabilities were found in a healthcare
IT infrastructure servicing patients with life-threatening situations. Given the
list, select which of the seven domains of a typical IT infrastructure is primarily
impacted by the risk, threat, or vulnerability.

Risk – Threat – Vulnerability Primary Domain Impacted


Unauthorized access from public Remote Access Domain
Internet
User destroys data in application and System/Application Domain
deletes all files
Hacker penetrates your IT LAN-to-WAN Domain
infrastructure and gains access to your
internal network
Intra-office employee romance gone User Domain
bad
Fire destroys primary data center System/Application Domain
Communication circuit outages WAN Domain
Workstation OS has a known Workstation Domain
software vulnerability
Unauthorized access to organization Workstation Domain
owned Workstations
Loss of production data System/Application Domain
Denial of service attack on LAN-to-WAN Domain
organization e-mail Server
Remote communications from home Remote Access Domain
office
LAN server OS has a known software LAN Domain
vulnerability
User downloads an unknown e –mail User Domain
attachment
Workstation browser has software Workstation Domain
vulnerability
Service provider has a major network WAN Domain
outage
Weak ingress/egress traffic filtering LAN-to-WAN Domain
degrades Performance
User inserts CDs and USB hard drives User Domain
with personal photos, music, and
videos on organization owned
computers
VPN tunneling between remote LAN-to-WAN Domain
computer and ingress/egress router
WLAN access points are needed for LAN Domain
LAN connectivity within a warehouse
Need to prevent rogue users from LAN Domain
unauthorized WLAN access

Part B – List of Risks, Threats, and Vulnerabilities


Given the scenario of a healthcare organization, answer the following Lab
#1 assessment questions from a risk management perspective:
⦁ Which domain(s) had the greatest number of risks, threats, and
vulnerabilities?
LAN-to-WAN Domain
 What is the risk impact or risk factor (critical, major, minor) that you
would qualitatively assign to the risks, threats, and vulnerabilities you
identified for the LAN-to-WAN Domain for the healthcare and HIPPA
compliance scenario?
Hacker penetrates IT infrastructure and gains access to your internal
network: Critical, PHI can be compromised Denial of service attack on
organization's e-mail server: Minor, can be mitigated
Weak ingress/egress traffic filtering degrades performance: Minor, can be
mitigated VPN tunneling between the remote computer and ingress/egress
router: Major, if electronic protected
 How many threats and vulnerabilities did you find that impacted risk
within each of the seven domains of a typical IT infrastructure?
User Domain: 3
Workstation Domain: 3
LAN Domain: 3
LAN-to-WAN Domain:4 WAN Domain: 2
 In which domain do you implement web content filters?
LAN-to-WAN Domain
 Which domains need software vulnerability assessments to mitigate risk
from software vulnerabilities?
Workstation Domain (workstation, corporate-issued mobile devices)
LAN Domain (regarding the network devices) System/Application Domain
(servers, storage area network (SAN), network attached storage (NAS), backup
devices.

You might also like