Adrienne Brown

Lab 1: How to Identify Threats & Vulnerabilities in an IT Infrastructure

September 27, 2014

Week 1 Lab: Assessment Worksheet

Part A List of Risks, Threats, and Vulnerabilities
Commonly Found in an IT Infrastructure

Overview

One of the most important first steps to risk management and implementing a risk mitigation strategy is to
identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of
a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk
management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities
and map them to the domain that these impact from a risk management perspective.

Lab Assessment Questions & Answers

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing
patients with life-threatening situations. Given the list, select which of the seven domains of a typical IT
infrastructure is primarily impacted by the risk, threat, or vulnerability.
Risk Threat Vulnerability
Unauthorized access from pubic Internet
User destroys data in application and deletes
all files
Hacker penetrates your IT infrastructure
and gains access to your internal network
Fire destroys primary data center
Communication circuit outages
Workstation OS has a known software vulnerability
Unauthorized access to organization owned
Workstations
Denial of service attack on organization e-mail
Server
Remote communications from home office
LAN server OS has a known software vulnerability
User downloads an unknown e mail

Primary Domain Impacted

LAN-to-WAN
System/Application
LAN-to-WAN
LAN
LAN
Workstation
Workstation
WAN
Remote Access
LAN
User

attachment
Workstation browser has software vulnerability
Service provider has a major network outage
User inserts CDs and USB hard drives
with personal photos, music, and videos on
organization owned computers
VPN tunneling between remote computer
and ingress/egress router
WLAN access points are needed for LAN
connectivity within a warehouse

Workstation
WAN
User

Remote Access
LAN-to-WAN

Lab 1: Assessment Worksheet

Identify Threats and Vulnerabilities in an IT infrastructure

1. Unauthorized access from a public internet would violate HIPPA anyone can see your
information or work. Many employee signed a disclaimer vowing to not use the information they
are privy to. Employees must be cautious where they do work and what they talk about in the
work and public place. User- an unauthorized user can access a file and delete file. An
unauthorized user can access files and give out information about a patient .

2. Number of domains and the number of risks found for them in previous task
a. User Domain- 5
b. Workstation Domain-1
c.

LAN Domain-2

d. LAN-to-WAN- 3
e. WAN- 2
f.

Remote Access Domain-2

g. Systems/Application Domain-3
3. Workstation/ user/systems/application
4. Major- unauthorized web access network probing and port scanning
5. Cloud computing- you would need this to access your information if all is lost
6. User Domain
7. Remote Access Domain

8. User/ workstation
9. Workstation/ LAN/ system/application/ LAN-to-WAN
10. Workstation/WAN
11. LAN-to-WAN
12. LAN
13. WAN
14. . True
15. Each domain checks and balances other domains. There are coverage overlaps that ensure
that there is going to be no gaps. Software upgrades would help out workstation, LAN, and
System/Application domain.