The document outlines various risks, threats, and vulnerabilities commonly found in IT infrastructure, categorized by their primary impacted domains. It emphasizes the importance of security controls, particularly in healthcare organizations to comply with HIPAA requirements, and identifies the User Domain as the greatest risk area. Additionally, it discusses the need for disaster recovery plans, stringent access controls, and software vulnerability assessments across different domains to mitigate risks.

Uploaded by

ngoccthe172160

#Lab_1:

Student ID: SE151495
Name: Nguyễn Huỳnh Minh Đan

Part A – List of Risks, Threats, and Vulnerabilities Commonly Found in an IT Infrastructure

| Risk – Threat – Vulnerability | Primary Domain Impacted |
| --- | --- |
| Unauthorized access from public Internet | WAN Domain |
| User destroys data in application and deletes all files | System/Application Domain |
| Hacker penetrates your IT infrastructure and gains access to your internal network | LAN to WAN Domain |
| Intra-office employee romance gone bad | User Domain |
| Fire destroys primary data center | System/Application Domain |
| Communication circuit outages | WAN Domain |
| Workstation OS has a known software vulnerability | Workstation Domain |
| Unauthorized access to organization owned | Workstation Domain |
| Loss of production data | System/Application Domain |
| Denial of service attack on organization e-mail Server | LAN to WAN Domain |
| Remote communications from home office | Remote Access Domain |
| LAN server OS has a known software vulnerability | LAN Domain |
| User downloads an unknown e-mail attachment | User Domain |
| Workstation browser has software vulnerability | User Domain |
| Service provider has a major network outage | WAN Domain |
| Weak ingress/egress traffic filtering degrades Performance | LAN to WAN Domain |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | User Domain |
| VPN tunneling between remote computer and ingress/egress router | LAN to WAN Domain |
| WLAN access points are needed for LAN connectivity within a warehouse | LAN Domain |
| Need to prevent rogue users from unauthorized WLAN access | LAN Domain |

Part B - Identify Threats and Vulnerabilities in an IT Infrastructure


1. Healthcare organizations are under strict compliance to HIPAA privacy requirements which
require that an organization have proper security controls for handling personal healthcare
information (PHI) privacy data. This includes security controls for the IT infrastructure handling PHI
privacy data.

Which one of the listed risks, threats, or vulnerabilities can violate HIPAA privacy requirements?
List one and justify your answer in one or two sentences.
Risk: Unauthorized access from public Internet

It would be in violation of HIPAA, because it could result in someone being able to view patient
information and records, or to edit and delete that patient's information.

2. How many threats and vulnerabilities did you find that impacted risk within each of the seven
domains of a typical IT infrastructure?
User Domain: 4

Workstation Domain: 2

LAN Domain: 3
LAN-to-WAN Domain: 4

WAN Domain: 3

Remote Access Domain: 1

Systems/Application Domain: 3

3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN-to-WAN Domain

4. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign
to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the
healthcare and HIPAA compliance scenario?

- Critical: Unauthorized access from public Internet => Attackers can get in and
manipulate patient information; PHI (protected health information) will be
compromised.

- Minor:
+ Denial of service attack on organization e-mail Server

+ Weak ingress/egress traffic filtering degrades Performance

- Major:
+ VPN tunneling between remote computer and ingress/egress router

5. Of the three Systems/Application Domain risks, threats, and vulnerabilities identified, which
one requires a disaster recovery plan and business continuity plan to maintain continued
operations during a catastrophic outage?
Fire destroys primary data center:

"User destroys data in application and deletes all files" and "Loss of production data" cannot be as
severe as the fire that destroys the main data center, which means having to recover both hardware
and software data.

6. Which domain represents the greatest risk and uncertainty to an organization?


User Domain

7. Which domain requires stringent access controls and encryption for connectivity to corporate
resources from home?
Remote Access Domain

8. Which domain requires annual security awareness training and employee background checks
for sensitive positions to help mitigate risk from employee sabotage?
User Domain

9. Which domains need soware vulnerability assessments to mitigate risk from


soware vulnerabilities?
- LAN Domain

- LAN to WAN Domain

- Workstation Domain

- Systems/Application Domain

10. Which domain requires AUPs to minimize unnecessary User initiated Internet traffic and can be
monitored and controlled by web content filters?
User Domain

11. In which domain do you implement web content filters?


LAN to WAN Domain

12. If you implement a wireless LAN (WLAN) to support connectivity for laptops in the Workstation
Domain, which domain does WLAN fall within?
LAN Domain

13. A bank under Gramm-Leach-Bliley-Act (GLBA) for protecting customer privacy has just
implemented their online banking solution allowing customers to access their accounts and
perform transactions via their computer or PDA device. Online banking servers and their public
Internet hosting would fall within which domains of security responsibility?
The bank server will be in the System/Application domain, and their public Internet
hosting would fall within LAN to WAN Domain


14. Customers that conduct online banking using their laptop or personal computer must use
HTTPS:, the secure and encrypted version of HTTP: browser communications. HTTPS:// encrypts
webpage data inputs and data through the public Internet and decrypts that webpage and data
once displayed on your browser. True or False.
True

15. Explain how a layered security strategy throughout the 7-domains of a typical IT infrastructure
can help mitigate risk exposure for loss of privacy data or confidential data from the
Systems/Application Domain.
- Control user access, monitor and manage network traffic.

- Security control in LAN and LAN-to-WAN domains: great care and extreme care
should be taken when securing this boundary because the following risks may
exist in this domain:

+ No firewall, just a simple modem.

+ Lacks any defensive perimeter controls.

+ Unable to perform Intrusion Detection / Intrusion Prevention.

- Always update the latest software for the computer.
