Lab 2 Coursework

Week 2 Laboratory

Perform a Qualitative Risk Assessment for an IT Infrastructure

Learning Objectives and Outcomes
Upon completing this lab, students will be able to:
• Define the purpose and objectives of an IT risk assessment
• Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure
• Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template
• Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale
• Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of non-compliance

Lab #4: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure


The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a Healthcare provider under HIPPA compliance law and what compliance to HIPPA involves.

1. Given the list below, perform a qualitative risk assessment:
Determine which typical IT domain is impacted by each risk/threat/vulnerability in the “Primary Domain Impacted” column.

Risk – Threat – Vulnerability Primary Domain Impacted Risk Impact/Factor

Unauthorized access from pubic Internet

User destroys data in application and deletes
all files

Hacker penetrates your IT infrastructure
and gains access to your internal network

Intra-office employee romance gone bad

Fire destroys primary data center

Service provider SLA is not achieved

Workstation OS has a known software

Unauthorized access to organization owned

Risk – Threat – Vulnerability Primary Domain Impacted Risk Impact/Factor

Loss of production data

Denial of service attack on organization
DMZ and e-mail server

Remote communications from home office
LAN server OS has a known software

User downloads and clicks on an unknown
unknown e-mail attachment

Workstation browser has software vulnerability

Mobile employee needs secure browser access
to sales order entry system

Service provider has a major network outage

Weak ingress/egress traffic filtering
degrades performance

User inserts CDs and USB hard drives
with personal photos, music, and videos on
organization owned computers

VPN tunneling between remote computer
and ingress/egress router is needed

WLAN access points are needed for LAN
connectivity within a warehouse

Need to prevent eavesdropping on WLAN
due to customer privacy data access

DoS/DDoS attack from the WAN/Internet

2. Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a “1”, “2”, and “3” next to each risk, threat, vulnerability in the “Risk Impact/Factor” column. “1” = Critical, “2” = Major, “3” = Minor. Use the following qualitative risk impact/risk factor metrics:
“1” Critical – a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirement for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
“2” Major – a risk, threat, or vulnerability that impacts the C-I-A of an organization’s intellectual property assets and IT infrastructure
“3”Minor – a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure

3. Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:
• Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
• Prioritization of critical, major, minor risk assessment elements
• Risk assessment and risk impact summary
• Recommendations and next steps

Week 2 Lab: Assessment Worksheet

Perform a Qualitative Risk Assessment for an IT Infrastructure


Answer the following Assessment Worksheet questions pertaining to your qualitative IT risk assessment you performed.

Lab Assessment Questions & Answers

1. What is the goal or objective of an IT risk assessment?

2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?

3. What was your rationale in assigning “1” risk impact/ risk factor value of “Critical” for an identified risk, threat, or vulnerability?

4. When you assembled all of the “1” and “2” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regards to your final recommended prioritization?

Order a unique copy of this paper
(550 words)

Approximate price: $22

Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages

Order your paper today and save 7% with the discount code HOME7