Lab

Please find attached document.

Managing Risk
in Information
Systems

Don't use plagiarized sources. Get Your Custom Essay on
Lab
Just from $13/Page
Order Essay

Powered by vLab Solutions

JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES

LABORATORY MANUAL TO ACCOMPANY

VERSION 2.0

INSTRUCTOR VERSION

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

49

Introduction

Identifying and assessing risks is challenging, but treating them is another matter entirely.

Treating risks means making changes based on a risk assessment and probably a few hard

decisions. When treating even the most straightforward of risks, practice due diligence by

documenting what steps you are taking to mitigate the risk. If you don’t document the change

and the reasoning behind it, it’s possible that your organization could reverse the mitigation and

reintroduce the risk based on the notion of “but that’s how we always did it before.”

After you’ve addressed a risk, appoint someone to make certain that the risk treatment is being

regularly applied. If a security incident arises even with the change in place, having a single

person in charge will ensure that any corrective action aligns with the risk-mitigation plan.

You’re not appointing someone so you can blame that person if things go wrong; you are instead

investing that individual with the autonomy to manage the incident effectively. The purpose of a

risk-mitigation plan is to define and document procedures and processes to establish a baseline

for ongoing mitigation of risks in the seven domains of an IT infrastructure.

In this lab, you will identify the scope for an IT risk-mitigation plan, you will align the plan’s

major parts with the seven domains of an IT infrastructure, you will define the risk-mitigation

steps, you will define procedures and processes needed to maintain a security baseline for

ongoing mitigation, and you will create an outline for an IT risk-mitigation plan.

Learning Objectives

Upon completing this lab, you will be able to:

Identify the scope for an IT risk-mitigation plan focusing on the seven domains of a typical

IT infrastructure.

Align the major parts of an IT risk-mitigation plan in each of the seven domains of a typical

IT infrastructure.

Define the tactical risk-mitigation steps needed to remediate the identified risks, threats, and

vulnerabilities commonly found in the seven domains of a typical IT infrastructure.

Define procedures and processes needed to maintain a security baseline definition for

ongoing risk mitigation in the seven domains of a typical IT infrastructure.

Create an outline for an IT risk-mitigation plan encompassing the seven domains of a typical

IT infrastructure.

Lab #6 Developing a Risk-Mitigation Plan Outline for
an IT Infrastructure

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

51

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.

www.jblearning.com Instructor Lab Manual

Hands-On Steps

Note:
This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft®
Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing
application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab
deliverable files.

3. Review the seven domains of a typical IT infrastructure (see Figure 1).

Figure 1 Seven domains of a typical IT infrastructure

4. Using the following table, review the results of your assessments in the Performing a
Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual. In addition,

review the results of how you categorized and prioritized the risks for the IT

infrastructure

in that lab:

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

52 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure

Risks, Threats, and Vulnerabilities Primary Domain
Impacted

Risk Impact/
Factor

Unauthorized access from public Internet

User destroys data in application and
deletes all files

Hacker penetrates your IT infrastructure
and gains access to your internal network

Intraoffice employee romance gone bad

Fire destroys primary data center

Service provider service level agreement
(SLA) is not achieved

Workstation operating system (OS) has a
known software vulnerability

Unauthorized access to organization-
owned workstations

Loss of production data

Denial of service attack on organization
Demilitarized Zone (DMZ) and e-mail
server

Remote communications from home office

Local Area Network (LAN) server OS has a
known software vulnerability

User downloads and clicks on an unknown
e-mail attachment

Workstation browser has a software
vulnerability

Mobile employee needs secure browser
access to sales-order entry system

Service provider has a major network
outage

Weak ingress/egress traffic-filtering
degrades performance

User inserts CDs and USB hard drives with
personal photos, music, and videos on
organization-owned computers

Virtual Private Network (VPN) tunneling
between remote computer and
ingress/egress router is needed

Wireless Local Area Network (WLAN)
access points are needed for LAN
connectivity within a warehouse

Need to prevent eavesdropping on WLAN
due to customer privacy data access

Denial of service (DoS)/distributed denial of
service (DDoS) attack from the Wide Area
Network (WAN)/Internet

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

53

Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Instructor Lab Manual

5. Organize the qualitative risk assessment data according to the following:

 Review the executive summary from the Performing a Qualitative Risk Assessment
for an IT Infrastructure lab in this lab manual.

 Organize all of the critical “1” risks, threats, and vulnerabilities identified throughout
the seven domains of a typical IT infrastructure.

Fighting Fear
In the real world, some managers will accept risk rather than make changes to mitigate it. If they offer up only vague
reasons for sticking with the status quo, then their decision is likely based on fear of change. Don’t let their fear stop
you from treating the risk.

Here are two tips to fight a manager’s fear:

Prepare for your manager’s “What if?” questions. Example of a manager’s question: “What if we apply the firewall but
it also stops network traffic we want, such as from our applications?” Your answer: “We’ve tested nearly all
applications with the chosen firewall. And we’re prepared to minimize unforeseen outages.”

Know, in concrete terms, what will happen if the risk is not treated. Example of a manager’s question: “What is
supposed to happen that hasn’t happened already?” Your answer will come from the risk assessment you’ve
performed, which will calculate the risk’s likelihood and consequences.

6. On your local computer, open a new Internet browser window.

7. In the address box of your Internet browser, type the URL
http://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-
engineering/risk-management/risk-impact-assessment-and-prioritization and press Enter to
open the Web site.

8. Read the article titled “Risk Impact Assessment and Prioritization.”

9. Describe the purpose of prioritizing the risks prior to creating a risk-mitigation plan.

10. Describe the elements of an IT risk-mitigation plan outline by covering the following
major topics:

 Executive summary

 Prioritization of identified risks, threats, and vulnerabilities organized into the seven

domains

 Critical “1” risks, threats, and vulnerabilities identified throughout the IT

infrastructure

 Short-term remediation steps for critical “1” risks, threats, and

vulnerabilities

 Long-term remediation steps for major “2” and minor “3” risks, threats, and

vulnerabilities

 Ongoing IT risk-mitigation steps for the seven domains of a typical IT infrastructure

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

54 | LAB #6 Developing a Risk-Mitigation Plan Outline for an IT Infrastructure

 Cost magnitude estimates for work effort and security solutions

 Implementation plans for remediation

11. Create a detailed IT risk-mitigation plan outline by inserting appropriate subtopics
and sub-bullets.

Note:
This completes the lab. Close the Web browser, if you have not already done so.

Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.

What Will You Get?

We provide professional writing services to help you score straight A’s by submitting custom written assignments that mirror your guidelines.

Premium Quality

Get result-oriented writing and never worry about grades anymore. We follow the highest quality standards to make sure that you get perfect assignments.

Experienced Writers

Our writers have experience in dealing with papers of every educational level. You can surely rely on the expertise of our qualified professionals.

On-Time Delivery

Your deadline is our threshold for success and we take it very seriously. We make sure you receive your papers before your predefined time.

24/7 Customer Support

Someone from our customer support team is always here to respond to your questions. So, hit us up if you have got any ambiguity or concern.

Complete Confidentiality

Sit back and relax while we help you out with writing your papers. We have an ultimate policy for keeping your personal and order-related details a secret.

Authentic Sources

We assure you that your document will be thoroughly checked for plagiarism and grammatical errors as we use highly authentic and licit sources.

Moneyback Guarantee

Still reluctant about placing an order? Our 100% Moneyback Guarantee backs you up on rare occasions where you aren’t satisfied with the writing.

Order Tracking

You don’t have to wait for an update for hours; you can track the progress of your order any time you want. We share the status after each step.

image

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

Areas of Expertise

Although you can leverage our expertise for any writing task, we have a knack for creating flawless papers for the following document types.

image

Trusted Partner of 9650+ Students for Writing

From brainstorming your paper's outline to perfecting its grammar, we perform every step carefully to make your paper worthy of A grade.

Preferred Writer

Hire your preferred writer anytime. Simply specify if you want your preferred expert to write your paper and we’ll make that happen.

Grammar Check Report

Get an elaborate and authentic grammar check report with your work to have the grammar goodness sealed in your document.

One Page Summary

You can purchase this feature if you want our writers to sum up your paper in the form of a concise and well-articulated summary.

Plagiarism Report

You don’t have to worry about plagiarism anymore. Get a plagiarism report to certify the uniqueness of your work.

Free Features $66FREE

  • Most Qualified Writer $10FREE
  • Plagiarism Scan Report $10FREE
  • Unlimited Revisions $08FREE
  • Paper Formatting $05FREE
  • Cover Page $05FREE
  • Referencing & Bibliography $10FREE
  • Dedicated User Area $08FREE
  • 24/7 Order Tracking $05FREE
  • Periodic Email Alerts $05FREE
image

Our Services

Join us for the best experience while seeking writing assistance in your college life. A good grade is all you need to boost up your academic excellence and we are all about it.

  • On-time Delivery
  • 24/7 Order Tracking
  • Access to Authentic Sources
Academic Writing

We create perfect papers according to the guidelines.

Professional Editing

We seamlessly edit out errors from your papers.

Thorough Proofreading

We thoroughly read your final draft to identify errors.

image

Delegate Your Challenging Writing Tasks to Experienced Professionals

Work with ultimate peace of mind because we ensure that your academic work is our responsibility and your grades are a top concern for us!

Sign Up Talk to Us

Check Out Our Sample Work

Dedication. Quality. Commitment. Punctuality

Categories
All samples
Essay (any type)
Essay (any type)
The Value of a Nursing Degree
Undergrad. (yrs 3-4)
Nursing
2
View this sample

It May Not Be Much, but It’s Honest Work!

Here is what we have achieved so far. These numbers are evidence that we go the extra mile to make your college journey successful.

0+

Happy Clients

0+

Words Written This Week

0+

Ongoing Orders

0%

Customer Satisfaction Rate
image

Process as Fine as Brewed Coffee

We have the most intuitive and minimalistic process so that you can easily place an order. Just follow a few steps to unlock success.

Call Us +1 (877) 657-8180 Discuss Order Details Now

See How We Helped 9000+ Students Achieve Success

image

We Analyze Your Problem and Offer Customized Writing

We understand your guidelines first before delivering any writing service. You can discuss your writing needs and we will have them evaluated by our dedicated team.

  • Clear elicitation of your requirements.
  • Customized writing as per your needs.

We Mirror Your Guidelines to Deliver Quality Services

We write your papers in a standardized way. We complete your work in such a way that it turns out to be a perfect description of your guidelines.

  • Proactive analysis of your writing.
  • Active communication to understand requirements.
image
image

We Handle Your Writing Tasks to Ensure Excellent Grades

We promise you excellent grades and academic excellence that you always longed for. Our writers stay in touch with you via email.

  • Thorough research and analysis for every order.
  • Deliverance of reliable writing service to improve your grades.
Place an Order Start Chat Now
image

Order your essay today and save 30% with the discount code Happy

Order Now