The task of identifying risks in an IT environment can become overwhelming. Once your mind starts asking “what if…?” about one IT area, you quickly begin to grasp how many vulnerabilities exist across
Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint.
On your local computer, create a new document.
You will use this document as your Lab Report.
Review the seven domains of a typical IT infrastructure.
Seven Domains
In your Lab Report file, describe how risk can impact each of the seven domains of a typical IT infrastructure: User, Workstation, Local Area Network (LAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Wide Area Network (WAN), Remote Access, and System/Application domains.
Review the left-hand column of the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure servicing patients with life-threatening conditions:
| Risks, Threats, and Vulnerabilities | Primary Domain Impacted |
| Unauthorized access from public Internet |
|
| Hacker penetrates IT infrastructure and gains access to your internal network |
|
| Communication circuit outages |
|
| Workstation operating system (OS) has a known software vulnerability |
|
| Denial of service attack on organization’s e-mail server |
|
| Remote communications from home office |
|
| Workstation browser has software vulnerability |
|
| Weak ingress/egress traffic-filtering degrades performance |
|
| Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse |
|
| Need to prevent rogue users from unauthorized WLAN access |
|
| User destroys data in application, deletes all files, and gains access to internal network |
|
| Fire destroys primary data center |
|
| Intraoffice employee romance gone bad |
|
| Loss of production data server |
|
| Unauthorized access to organization-owned workstations |
|
| LAN server OS has a known software vulnerability |
|
| User downloads an unknown e-mail attachment |
|
| Service provider has a major network outage |
|
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers |
|
| Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router |
|
Note: Some risks will affect multiple IT domains. In fact, in real-world environments, risks and their direct consequences will most likely span across several domains. This is a big reason to implement controls in more than one domain to mitigate those risks. However, for the exercise in step 5 that follows, consider and select only the domain that would be most affected.
Subsequent next steps in the real world include selecting, implementing, and testing controls to minimize or eliminate those risks. Remember that a risk can be responded to in one of four ways: accept it, treat it (minimize it), avoid it, or transfer it (for example, outsource or insurance).
In your Lab Report file, complete the table from the previous step by identifying which of the seven domains of a typical IT infrastructure will be most impacted by each item in the table’s left-hand column and explain why.
Note: This concludes the lab.
