Information Security Assignment
Review the seven domains of the typical IT infrastructure.
The following table lists risks, threats, and vulnerabilities that were found in a health care IT infrastructure servicing patients with life-threatening conditions. Review each risk, and consider how you might manage it and which of the seven domains it affects:
Risks, Threats, and Vulnerabilities
Unauthorized access from public Internet
Hacker penetrates IT infrastructure
Communication circuit outages
Workstations
Workstation operating system (OS) has a known software vulnerability
Denial of service attack on organization’s e-mail
Remote communications from home office
Workstation browser has software vulnerability
Weak ingress/egress traffic-filtering degrades performance
Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
Need to prevent rogue users from unauthorized WLAN access
User destroys data in application, deletes all files, and gains access to internal network
Fire destroys primary data center
Intraoffice employee romance gone bad
Loss of production data server
Unauthorized access to organization-owned workstations
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Service provider has a major network outage
A technician inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
For each of the domains, create an outline in the scope of your risk management plan. For each domain, include the five major parts of an IT risk management process:
Risk planning
Risk identification
Risk assessment
Risk response
Risk monitoring