1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
Because you need to know which risks are most important and which are negligible. In some cases, protecting your infrastructure from a high-priority threat matters more, so you may want to protect against it even if that leaves you vulnerable to low-priority threats. Prioritizing mainly shows you which areas need your attention the most.
2. Based on your executive summary produced in Lab #4 – Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management?
Setting up security measures through various means.
Forcing users to update their passwords every X number of days.
Educating users.
Firewalls
Anti-malware
3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities?
4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers.
Use a good antivirus program and have all devices scanned as soon as they are plugged in.
Educate employees.
Disable optical drives/USB ports (if they are not needed)
5. What is the definition of a security baseline?
A baseline is a starting point or a standard. Within IT, a baseline provides a standard focused on a specific technology used within an organization. When applied to security policies, the baseline represents the minimum security settings that must be applied.
6. What questions do you have for executive management in order to finalize your IT risk mitigation plan?
What is the budget?
What are their priorities?
Disclose all your thoughts on the matter. Show them other options and how you came to your conclusion, and make sure executive management agrees.
7. What is the most important risk mitigation