Identifying Threats and Vulnerabilities in an IT Infrastructure
Security Risk Management: CSS250-1503A-01
Course Name and Number: _____________________________________________________
Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
July 13, 2015
Lab Due Date: ________________________________________________________________
In this lab, you identified known risks, threats, and vulnerabilities, and you organized them.
Finally, you mapped these risks to the domain that was impacted from a risk management
...
Of the three System/Application Domain risks, threats, and vulnerabilities identified, which one
requires a disaster recovery plan and business continuity plan to maintain continued operations
during a catastrophic outage?
6. Which domain represents the greatest risk and uncertainty to an organization?
7. Which domain requires stringent access controls and encryption for connectivity to corporate
resources from home?
8. Which domain requires annual security awareness training and employee background checks for
sensitive positions to help mitigate risks from employee sabotage?
9. Which domains need software vulnerability assessments to mitigate risk from software
10. Which domain requires acceptable use policies (AUPs) to minimize unnecessary user-initiated
Internet traffic and can be monitored and controlled by Web content filters?
11. In which domain do you implement Web content filters?
12. If you implement a Wireless LAN (WLAN) to support connectivity for laptops in the
Workstation Domain, which domain does WLAN fall within?
13. Under the Gramm-Leach-Bliley Act...