Lab 1 - IAA202

The document lists risks, threats, and vulnerabilities across seven domains of a typical IT infrastructure: User Domain, Workstation Domain, LAN Domain, LAN-to-WAN Domain, WAN Domain, System/Application Domain, and Remote Access Domain. It then asks questions about the risks: 1) The domain with the greatest number of risks was the LAN-to-WAN Domain. 2) Risks to the LAN-to-WAN Domain for a healthcare scenario could have critical, major, or minor impacts depending on the specific risk. 3) The number of threats and vulnerabilities ranged from 2 to 4 across the different domains. 4) Web content filters would be implemented in the LAN-

Uploaded by

Hoàng Nguyên

Lab #1: Assessment Worksheet

Part A – List of Risks, Threats, and Vulnerabilities

Commonly Found in an IT Infrastructure

Course Name: IAA202

Student Name: Dương Hoàng Nguyên

Lab Due Date: 11/05/20032003

Overview

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients
with life-threatening situations. Given the list, select which of the seven domains of a typical IT infrastructure is
primarily impacted by the risk, threat, or vulnerability.

| Risk – Threat – Vulnerability | Primary Domain Impacted |
|---|---|
| Unauthorized access from public Internet | Remote Access Domain |
| User destroys data in application and deletes all files | System/Application Domain |
| Hacker penetrates your IT infrastructure and gains access to your internal network | LAN-to-WAN Domain |
| Intra-office employee romance gone bad | User Domain |
| Fire destroys primary data center | System/Application Domain |
| Communication circuit outages | WAN Domain |
| Workstation OS has a known software vulnerability | Workstation Domain |
| Unauthorized access to organization owned workstations | Workstation Domain |
| Loss of production data | System/Application Domain |
| Denial of service attack on organization e-mail server | LAN-to-WAN Domain |
| Remote communications from home office | Remote Access Domain |
| LAN server OS has a known software vulnerability | LAN Domain |
| User downloads an unknown e-mail attachment | User Domain |
| Workstation browser has software vulnerability | Workstation Domain |
| Service provider has a major network outage | WAN Domain |
| Weak ingress/egress traffic filtering degrades performance | LAN-to-WAN Domain |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers | User Domain |
| VPN tunneling between remote computer and ingress/egress router | LAN-to-WAN Domain |
| WLAN access points are needed for LAN connectivity within a warehouse | LAN Domain |
| Need to prevent rogue users from unauthorized WLAN access | LAN Domain |

Part B – List of Risks, Threats, and Vulnerabilities


Given the scenario of a healthcare organization, answer the following Lab #1 assessment questions from a risk
management perspective:

1. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?

LAN-to-WAN Domain

2. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign to the
risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the healthcare and
HIPAA compliance scenario?

Hacker penetrates IT infrastructure and gains access to your internal network: Critical, PHI can be compromised
Denial of service attack on organization's e-mail server: Minor, can be mitigated
Weak ingress/egress traffic filtering degrades performance: Minor, can be mitigated
VPN tunneling between the remote computer and ingress/egress router: Major, if electronic protected

3. How many threats and vulnerabilities did you find that impacted risk within each of the seven
domains of a typical IT infrastructure?

User Domain: 3
Workstation Domain: 3
LAN Domain: 3
LAN-to-WAN Domain: 4
WAN Domain: 2

4. In which domain do you implement web content filters?

LAN-to-WAN Domain

5. Which domains need software vulnerability assessments to mitigate risk from software
vulnerabilities?

Workstation Domain (workstation, corporate-issued mobile devices)
LAN Domain (regarding the network devices)
System/Application Domain (servers, storage area network (SAN), network attached storage (NAS), backup devices)
