Risk - Threat - Vulnerability Primary Domain Impacted


Course Name: IAA202

Student Name: Huynh Hien Vinh


Instructor Name: Mai Hoang Dinh
Lab Due Date: Today
Overview
The following risks, threats, and vulnerabilities were found in a healthcare IT
infrastructure servicing patients with life-threatening situations. Given the list,
select which of the 7 domains of a typical IT infrastructure is primarily impacted
by the risk, threat, or vulnerability.
Risk – Threat – Vulnerability | Primary Domain Impacted
Unauthorized access from public Internet | Remote Access
User destroys data in application and deletes all files | System/Application
Hacker penetrates your IT infrastructure and gains access to your internal network | LAN to WAN
Intra-office employee romance gone bad | User
Fire destroys primary data center | System/Application
Communication circuit outages | WAN
Workstation OS has a known software vulnerability | Workstation
Unauthorized access to organization owned Workstations | Remote Access, Workstation
Loss of production data | System/Application
Denial of Service attack on organization e-mail Server | LAN to WAN
Remote communication from home office | Remote Access
LAN server OS has a known software vulnerability | System/Application
User downloads an unknown e-mail attachment | User
Workstation browser has software vulnerability | Workstation
Service provider has a major network outage | System/Application
Weak ingress/egress traffic filtering degrades Performance | LAN to WAN
User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | User
VPN tunneling between remote computer and ingress/egress router | LAN to WAN
WLAN access points are needed for LAN connectivity within a warehouse | LAN
Need to prevent rogue users from unauthorized WLAN access | LAN

Lab Assessment Questions:


1. Which one of the listed risks, threats, or vulnerabilities can violate HIPAA
privacy requirements? List one and justify your answer in one or two
sentences.
-User destroys data in application and deletes all files. This is one of the
worst situations that can happen to healthcare organizations, since they
need data to keep track of patients, etc. Broken access control can let
a user delete privacy & important data that he/she doesn’t have access to.

2. How many threats and vulnerabilities did you find that impacted risk within
each of the seven domains of a typical IT infrastructure?
-User Domain: 3
-Workstation Domain: 3
-LAN Domain: 2
-LAN to WAN Domain: 4
-WAN Domain: 1
-Remote Access Domain: 3
-System/Application Domain: 5
3. Which domain had the greatest number of risks, threats, and vulnerabilities?
-It’s System/Application Domain with 5.
4. What is the risk impact or risk factor that you would qualitatively assign to the
risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for
the healthcare and HIPAA compliance scenario?
-I think it’s a hacker managing to penetrate the healthcare center’s internal
network, which in this case can lead to serious impact: the hacker can install
ransomware, which will encrypt all the important files, for example patients’ health
reports, and this will interrupt the normal operation of the healthcare center.
5. Of the three Systems/Application Domain risks, threats, and vulnerabilities
identified, which one requires a disaster recovery plan and business continuity
plan to maintain continued operations during a catastrophic outage?

-It’s Service provider has a major network outage

6. Which domain represents the greatest risk and uncertainty to an
organization?
-It’s System/Application
7. Which domain requires stringent access controls and encryption for
connectivity to corporate resources from home?
-It’s Remote Access Domain
8. Which domain requires annual security training and employee
background checks for sensitive positions to help mitigate risk from
employee sabotage?
-It’s User Domain
9. Which domains need software vulnerability assessments to mitigate
risk from software vulnerabilities?
-It’s Workstation Domain
10. Which domain requires AUPs to minimize unnecessary User
initiated Internet traffic and can be monitored and controlled by web
content filters?
-It’s LAN-to-WAN Domain
11. In which domain do you implement web content filters?
-It’s WAN Domain
12. If you implement a wireless LAN to support connectivity for laptops
in the Workstation Domain, which domain does WLAN fall within?
-It’s LAN-to-WAN Domain
13.
-They would fall within WAN Domain
14.
-It’s True
15.
-A layered security strategy throughout the 7 domains of a typical IT
infrastructure can help mitigate risk exposure for loss of privacy data or
confidential data from the Systems/Application Domain. Based on the
layered strategy we can deploy suitable endpoint protections like
firewalls, user access control, anti-virus, etc.
