1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? Because you need to know which is most important and which is negligible. In some cases, protecting your infrastructure from a high priority threat is more important and so you may want to protect against that even if it leaves you vulnerable to low priority threats. This mainly just shows you which areas need your attention the most. 2. Based on your executive summary produced in Lab #4 – Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management?
Setting up security measures through various means. Forcing users to update password every X number of days. Educating users. Firewalls Anti-malware 3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities? 4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers.
A good antivirus program and have all devices scanned as soon as they are plugged in. Educate employees Disable optical drives/USB ports (if they are not needed) 5. What is security baseline definition? A baseline is a starting point or a standard. Within IT, a baseline provides a standard focused on a specific technology used within an organization. When applied to security policies, the baseline represents the minimum security settings that must be applied. 6. What questions do you have for executive management in order to finalize your IT risk mitigation plan?
What is the budget? What are their priorities? Disclose all your thoughts on the matter. Show them other options and how you came to your conclusion and make sure the executive management agrees. 7. What is the most important risk mitigation requirement you uncover and want to communicate executive management? In your opinion, why is this the most important risk mitigation requirement? 8. Based on your IT risk mitigation plan, what is the difference between short-term and long-term risk mitigation tasks and on-going duties? 9.
Which of the seven domains of a typical IT infrastructure is easy to implement risk mitigation solutions but difficult to monitor and track effectiveness? Remote Access Domain 10. Which of the seven domains of a typical IT infrastructure usually contains privacy data within systems, servers, and databases? 11. Which of the seven domains of a typical IT infrastructure can access privacy data and also store it on local hard drives and disks? 12. Why is the Remote Access Domain the most risk prone of all within a typical IT infrastructure?
13. When considering the implementation of software updates, software patches, and software fixes, why must you test this upgrade or software patch before you implement this as a risk mitigation tactic? 14. Are risk mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk mitigation plan? Why or why not? 15. If an organization under a compliance law is not in compliance, how critical is it for your organization to mitigate this non-compliance risk element?