Information Systems

ISE 510 Security Risk Analysis & Plan

Week 8 HW

Developing a Risk Remediation Plan

30 points

<Last Name, First Name>

Due <DATE>

Submitted on <DATE>

If late let me know why:

=====================================

Delete these instructions in blue font before submission:

Change file name to HW#8_LAST_FIRST

A few comments up front: – The Jones and Bartlett Learning, TOPIC 4, is a valuable source of information.

– I encourage you to read through the HW problems below and if you have questions *about* the problem, please ask either through the Classroom or via email.

– If you are rusty on security fundamentals then now is a good time to brush up! Let me know and I can point you to refresher resources

1) The table below has a list of Risks Threats and Vulnerabilities. The primary Domain is provided. You are to place the Impact Factor based on the definitions below, and then place a likelihood factor (Low, Medium, High) based on your experience, research or insight.

1 = Critical: A risk, threat or vulnerability that impacts compliance (privacy laws requirements for securing privacy data and implementing proper security controls) and places the organization at increased liability

2 = Major: A risk, threat or vulnerability that impacts confidentiality, integrity or availability of the organization’s intellectual property assets and IT infrastructure

3 = Minor: A risk, threat or vulnerability that impacts user or employee productivity or availability of the IT infrastructure.

The first one is done as an example.

Rule 1: If there is a Risk Threat or Vulnerability and it has not been exploited yet, it can only have an Impact of 2 or 3.

Rule 2: There are no more than ten 1’s

2) Frequency Table

Looking at your table above, count the number of “High-1” and place the number in cell High-1; then High-2, High-3, Med-1 etc. repeat for all cells. The total of all the cells will be 23.

 Impact 1 2 3 Low Medium High Probability

What can you observe about the distribution? Is this company in trouble or are they close to being secure?

3) Remediation plan

For the top 3 most critical risks, threats, or vulnerabilities, give a primary and an alternate remediation course of action. The primary course of action is what you recommend to Management, the alternative is usually not as effective but cheaper. Be sure to consider cost in your recommendation to Management. Use references on each.

3-1. State the risk, threat, or vulnerability here

Primary:

Alternate:

3-2. State the risk, threat, or vulnerability here

Primary:

Alternate:

3-3. State the risk, threat, or vulnerability here

Primary:

Alternate:

4) General Questions regarding Risk-Mitigation:

a) What risk-mitigation solutions do you recommend for the problem of: User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers?

b) Why is Continuity of Operations an important risk-mitigation requirement?

c) Why is the Remote Access Domain the most risk-prone of all in a typical IT infrastructure?

d) When considering the implementation of software updates, software patches, and software fixes, why must you test the upgrade or software patch before you implement it?

Appendix

– Seven major areas of risk in IT infrastructure

From: Jones and Bartlett Learning, TOPIC 1.

Q: What are the major areas of risk in IT infrastructure? See Image below.

A: The seven domains of the typical IT infrastructure are the major areas of risk.

1. USER: The user domain risk areas include user names, passwords, biometric or other authentication, and social engineering.

2. WORKSTATION: In the workstation domain, the risk areas include end user systems, laptops, desktops, and cells phones. The “desktop domain” where most users enter the IT infrastructure

3. LAN: In the local area network (LAN) domain, the risk areas include the equipment required to create an internal LAN, such as hubs, switches, and media. Small network organized by function or department, allowing access to all resources on the LANs.

4. LAN-to-WAN: The risk areas in the LAN-to-wide area network (WAN) domain include the transition area between the LAN and the WAN, including the router and the firewall. The point at which the IT infrastructure joins a WAN and the Internet

5. WAN: The WAN domain risk areas include the routers and circuits connecting the WAN. The point at which the WAN connects to other WANs via the Internet

6. APPLICATION: In the system, or application, domain, the risk areas include the applications you run on your network, such as e-mail, database, and Web applications. Holds all of the mission-critical systems, applications, and data

7. REMOTE ACCESS: The risk areas in the remote access domain include applications, such as a virtual private network (VPN) to guide remote or travelling users. Connects remote employees and partners to the IT infrastructure

Seven major areas of risk in IT infrastructure

Order now and get 10% discount on all orders above \$50 now!!The professional are ready and willing handle your assignment.

ORDER NOW »»