Assignment: Performing a Qualitative Risk Assessment for an IT Infrastructure

Overview

In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them.

Finally, you wrote an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance.

Lab Assessment Questions & Answers

1. What is an IT risk assessment's goal or objective?

2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?

3. What was your rationale in assigning a "1" risk impact/risk factor value of "Critical" to an identified risk, threat, or vulnerability?

4. After you had assigned the "1," "2," and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the "1," "2," and "3" risk elements? What would you say to executive management about your final recommended prioritization?

5. Identify a risk-mitigation solution for each of the following risk factors:

a. User downloads and clicks on an unknown e-mail attachment
b. Workstation OS has a known software vulnerability
c. Need to prevent eavesdropping on WLAN due to customer privacy data access
d. Weak ingress/egress traffic-filtering degrades performance
e. DoS/DDoS attack from the WAN/Internet
f. Remote access from home office
g. Production server corrupts database.