Scribd
Upload
104 views3 pages

Lab 1: IAA

The document analyzes risks, threats, and vulnerabilities across different domains of an IT infrastructure for a healthcare organization. It identifies that the LAN-to-WAN domain had the greatest number of issues and determines the risk impact of specific threats in that domain such as a hacker gaining internal network access would be critical. It also quantifies threats in each domain and identifies that web content filters should be implemented in the LAN-to-WAN domain and software vulnerability assessments are needed in the workstation, LAN, and system/application domains.

Uploaded by

Nguyen Thanh Trung (K16HL)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
104 views3 pages

Lab 1: IAA

The document analyzes risks, threats, and vulnerabilities across different domains of an IT infrastructure for a healthcare organization. It identifies that the LAN-to-WAN domain had the greatest number of issues and determines the risk impact of specific threats in that domain such as a hacker gaining internal network access would be critical. It also quantifies threats in each domain and identifies that web content filters should be implemented in the LAN-to-WAN domain and software vulnerability assessments are needed in the workstation, LAN, and system/application domains.

Uploaded by

Nguyen Thanh Trung (K16HL)
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Lab #1: Assessment Worksheet

Part A – List of Risks, Threats, and

Vulnerabilities Commonly Found in an IT

Infrastructure

Course Name: HE161772

Student Name: Nguyễn Thành Trung__________________

Lab Due Date:

Overview

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing
patients with life-threatening situations. Given the list, select which of the seven domains of a typical
IT infrastructure is primarily impacted by the risk, threat, or vulnerability.

Risk – Threat – Vulnerability Primary Domain Impacted

Unauthorized access from public Internet Remote Access Domain

System/Application Domain
User destroys data in application and deletes
all files

Lan-to-Wan Domain
Hacker penetrates your IT infrastructure
and gains access to your internal network

Intra-office employee romance gone bad User Domain

Fire destroys primary data center System/Application Domain

Communication circuit outages Wan Domain

Workstation OS has a known software vulnerability Workstation Domain


Unauthorized access to organization owned Workstation Domain
Workstations
Loss of production data System/Application Domain

Denial of service attack on organization e-mail Lan-to-Wan Domain


Server
Remote communications from home office Remote Access Domain

LAN server OS has a known software vulnerability Lan Domain

User downloads an unknown e –mail attachment User Domain

Workstation browser has software vulnerability Workstation Domain

Service provider has a major network outage Wan Domain

Weak ingress/egress traffic filtering degrades Lan-to-Wan Domain


Performance

User inserts CDs and USB hard drives with User Domain
personal photos, music, and videos on organization
owned computers

VPN tunneling between remote computer and Lan-to-Wan Domain


ingress/egress router

WLAN access points are needed for LAN Lan Domain


connectivity within a warehouse

Need to prevent rogue users from unauthorized Lan Domain


WLAN access

Part B – List of Risks, Threats, and Vulnerabilities


Given the scenario of a healthcare organization, answer the following Lab #1 assessment questions
from a risk management perspective:

1. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?
LAN-to-WAN Domain

2. What is the risk impact or risk factor (critical, major, minor) that you would qualitatively assign
to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for the
healthcare and HIPPA compliance scenario?
`
Hacker penetrates IT infrastructure and gains access to your internal network: Critical, PHI can be
compromised Denial of service attack on organization's e-mail server: Minor, can be mitigated Weak
ingress/egress traffic filtering degrades performance: Minor, can be mitigated VPN tunneling
between the remote computer and ingress/egress router: Major, if electronic protected health
information (ePHI) is being accessed remotely

3. How many threats and vulnerabilities did you find that impacted risk within each of the
seven domains of a typical IT infrastructure?
User Domain: 3
Workstation Domain: 3
LAN Domain: 3
LAN-to-WAN Domain: 4
WAN Domain: 2
Remote Access Domain: 2
Systems/Application Domain: 3

4. In which domain do you implement web content filters?


LAN-to-WAN Domain

5. Which domains need software vulnerability assessments to mitigate risk from


software vulnerabilities?
Workstation Domain (workstation, corporate-issued mobile devices) LAN
Domain (regarding the network devices) System/Application Domain (servers,
storage area network (SAN), network attached storage (NAS), backup devic

You might also like