Lab #6 – Assessment Worksheet
Developing a Risk – Mitigation Outline for an IT Infrastructure
Course Name and Number: Risk Management IS355
Student Name: Sherry Best
Instructor Name: Nicole Goodyear
Lab Due Date: 2/13/2018
1. Why is it important to prioritize your IT infrastructure risks, threats and vulnerabilities?
To be able to identify the CBF or the CBA of the company. By identifying the vulnerabilities, the be able to mitigate them.
2. Based on your executive summary produced in Lab 4 – Perform a Qualitative Risk Assessment for an It Infrastructure, what was the primary focus of your message to executive management?
The focus was on the mitigation of unauthorized access to the network’s vulnerability.
3. Given the scenario for your…show more content… Any changes to the scenario would alter the critical and minor risks. As the critical risks are identified, they can be prioritized above the minor, and then in an ascending order of priority.
4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers.
Deny the use of USB ports and control the installation of such devices.
5. What is a security baseline definition?
The least possible security controls that are required for safeguarding an IT system.
6. What questions do you have for executive management to finalize your IT risk mitigation plan?
Which recommendations does the management approve or deny, and what is the budget for these controls?
7. What is the most important risk mitigation requirement you uncovered and want to communicate to executive management? In your opinion, why is this most important risk mitigation…show more content… Which of the seven domains of a typical IT infrastructure can access privacy data and also store it on local hard drives and disks?
Workstation Domain
12. Why is the Remote Access Domain the most risk prone of all within a typical IT infrastructure?
Because it allows users to access the private network from the public network (internet) that can permit asset information being hijacked by an attacker.
13. When considering the implementation of software updates, software patches, and software fixes, why must you test this upgrade or software patch before you implement this as a risk mitigation tactic?
To make sure it will work as desired and meet the company specific needs.
14. Are risk mitigation policies, standards, procedures and guidelines needed as part of your long-term risk mitigation plan? Why or why not?
Yes, it will allow you historical data for future incidents.
15. If an organization under a compliance law is not in compliance, how critical is it for your organization to mitigate this non-compliance risk element? Not being under compliance law will subject the company to fines (penalties) and even shutdowns. This can cause loss of revenue and affect the reputation of the
