
Lab #6: ASSESSMENT WORKSHEET
DEVELOP A RISK MITIGATION PLAN OUTLINE FOR AN IT INFRASTRUCTURE

Course Name: IAA202
Student Name: TRAN THANH HUNG
Instructor Name: MAI HOANG DINH
Lab Due Date: 03/11/2020

Overview:

Lab Assessment Questions:

After completing your IT risk mitigation plan outline, answer the following Lab
#6 – Assessment Worksheet questions. These questions are specific to the IT risk
mitigation plan outline you crafted as part of Lab #6 – Develop a Risk Mitigation
Plan Outline for an IT Infrastructure.

1. Why is it important to prioritize your IT infrastructure risks, threats, and
vulnerabilities?

By aligning the potential risks, threats, and vulnerabilities to the prioritized IT
infrastructure components and assets, management can make sound business
decisions based on the value or criticality of that IT asset and the potential risk,
threats, and vulnerabilities that are known.

2. Based on your executive summary produced in Lab #4 – Perform a
Qualitative Risk Assessment for an IT Infrastructure, what was the
primary focus of your message to executive management?

To inform the executive management of the levels and probabilities of risk
within the business.

3. Given the scenario for your IT risk mitigation plan, what influence did
your scenario have on prioritizing your identified risks, threats, and
vulnerabilities?

The nature and magnitude of a threat, the vulnerabilities to that threat, and the
consequences that could result.

4. What risk mitigation solutions do you recommend for handling the
following risk element? User inserts CDs and USB hard drives with
personal photos, music, and videos on organization owned computers?

Disable internal CD drives and USB ports. Enable automatic antivirus scans for
inserted media drives, files, and e-mail attachments. An antivirus scanning system
examines all new files on your computer’s hard drive for viruses. Set up antivirus.

5. What is a security baseline definition?

Security Baseline is a standard; it’s a starting point that specifies what security
components must be considered such as configuring a server or developing any
application.

6. What questions do you have for executive management in order to finalize
your IT risk mitigation plan?

Is there a budget for a migration plan and what are their priorities? If there are
other options, let them know and make sure the executive management approves.

7. What is the most important risk mitigation requirement you uncovered
and want to communicate to executive management? In your opinion, why
is this the most important risk mitigation requirement?

The most important risk mitigation requirement I uncovered and want to
communicate to executive management is evaluating risk interactions and common
causes.

8. Based on your IT risk mitigation plan, what is the difference between
short-term and long-term risk mitigation tasks and on-going duties?

Short-term risks are risks that can be fixed rapidly and will (more than likely) not
have long-term effects on the company; long-term risks are risks that can end in
fines if they involve compliance issues.

9. Which of the seven domains of a typical IT infrastructure is easy to
implement risk mitigation solutions but difficult to monitor and track
effectiveness?

In my opinion, the remote access domain is the easiest to implement mitigation
solutions for but more difficult to monitor and track effectively.

10. Which of the seven domains of a typical IT infrastructure usually contains
privacy data within systems, servers, and databases?

The WAN domain

11. Which of the seven domains of a typical IT infrastructure can access
privacy data and also store it on local hard drives and disks?

User Workstation.

12. Why is the Remote Access Domain the most risk prone of all within a
typical IT infrastructure?

The most obvious risk involved with remote access use is the unauthorized user.
Unfortunately, this risk is one that you will never be able to entirely avoid.
Regardless of the level of care you take in keeping password information a secret,
programs exist that can break into most secure networks. Anti-virus programs and
intrusion technologies are ways to avoid this problem. Another possible risk of
remote-access technology is the loss of files. This can happen for many different
reasons, whether it's partial file transfers or transfer errors. Once again,
technologies exist to help minimize this risk, but it is generally a safe strategy to
keep. Some other problems that can be encountered with the Remote Access Domain
are: Data Interception and Eavesdropping; Device Loss; Malware; Firewall
Problems.

13. When considering the implementation of software updates, software
patches, and software fixes, why must you test this upgrade or software
patch before you implement this as a risk mitigation tactic?

You can't implement software updates and patches as a risk
mitigation tactic without first.

14. Are risk mitigation policies, standards, procedures, and guidelines needed
as part of your long-term risk mitigation plan? Why or why not?

Risk mitigation policies, standards, procedures and
guidelines are needed as part of the long-term risk
mitigation plan because they provide the insurance against
future attacks. If these things were not developed and a
disaster struck, then how would the business get back up
and running quickly with a minimal impact? The policies and
procedures provide the steps that need to be taken in the
event of a disaster/hacker. Standards and guidelines provide
the framework for the steps to be taken. They also help to
ensure compliance with any laws or recommendations from
the top security organizations to help reduce risk and make
the business more profitable in the long term.

15. If an organization under a compliance law is not in compliance, how
critical is it for your organization to mitigate this non-compliance risk
element?

It is a very critical situation because this could lead to hefty fines and can,
depending on the type of business, end in the closing of the business.
