homework 1

NT2580 Introduction to Information Security

Unit 1 Assignment 1: Match Risks/Threats to Solutions

Assignment Requirements
This is a matching activity. You will receive the Match Risks/Threats to Solutions worksheet, which contains a numbered list of common risks and threats found in a typical IT infrastructure. You must enter the letter for the correct solution or preventative action in the blank to the right of each risk or threat.

Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat.

Risks or threats:
1. Violation of a security policy by a user ____C____
2. Disgruntled employee sabotage ____I____
3. Download of non-business videos using the
Internet to an employer-owned computer ____A____
4. Malware infection of a user’s laptop ____L____
5. Unauthorized physical access to the LAN ____N____
6. LAN server operating system vulnerabilities ____F____
7. Download of unknown file types from unknown sources by local users ____B____
8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____H____
9. WAN eavesdropping ____M____
10. WAN Denial of Service (DoS) or Distributed Denial of
Service (DDoS) attacks ____D____
11. Confidential data compromised remotely ____G____
12. Mobile worker token stolen ____K____
13. Corrupt or lost data ____E____
14. Downtime of customer database ____J____

Solutions or preventative actions:
A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types.
B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources.
C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews.
D. Apply filters on exterior Internet Protocol