Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Iaa202 Ia17a Lab3 Team1

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 8

Laboratory #3

Lab 3: Define the Scope & Structure for an IT Risk Management Plan

Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

• Define the purpose and objectives of an IT risk management plan

• Define the scope and boundary for an IT risk management plan to encompass the seven

domains of a typical IT infrastructure

• Relate identified risks, threats, and vulnerabilities to an IT risk management plan and risk
areas

• Incorporate the five major parts of an IT risk management process into the table of

contents of the plan

• Craft an IT risk management plan table of contents that addresses the seven domains of a

typical IT infrastructure and the five major parts of risk management and risk areas

Required Setup and Tools

This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized
server farm.

The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is
required for this lab for Internet access and Microsoft Word for answering and submitting the Lab #3
– Assessment Worksheet questions.

The risks, threats, and vulnerabilities identified in Lab #1 – Identify Threats & Vulnerabilities in
an IT Infrastructure will be used as a basis for the scenario in Lab #3. Students are to focus their
IT risk management plan table of contents using one of the scenarios and vertical industries
assigned by the Instructor.

In addition, Microsoft Word is a required tool for the student to craft an IT risk management plan
table of contents. The scope and structure of the table of contents will be presented by the Instructor
in the demo overview lab.
Recommended Procedures

Lab #3 – Student Steps:

Student steps needed to perform Lab #3 – Define the Scope & Structure for an IT Risk Management
Plan:

1. Connect your removable hard drive or USB hard drive to a classroom workstation.

2. Boot up your classroom workstation and DHCP for an IP host address.

3. Login to your classroom workstation and enable Microsoft Word.

4. Review the risks within each of the seven domains from a risk management
perspective – classroom discussion and interaction.

5. Review the 21 identified risks, threats, and vulnerabilities categorized within one of the
seven domains of a typical IT infrastructure. Refer to your Lab #1 – Assessment
Worksheet, Part A – List of Identified Risks, Threats, and Vulnerabilities.

6. For each of the seven domains incorporate the following outline within the scope of your
risk management plan table of contents:

• Risk planning

• Risk identification

• Risk assessment

• Risk mitigation

• Risk monitoring

7. Obtain your scenario and vertical industry assignment from your Instructor.

8. Work with your group members to delegate various parts of your IT risk management plan.
9. Craft a comprehensive IT risk management plan table of contents using Microsoft Word. Be
sure to encompass the four major risk areas identified in step #6 above.

10. Answer Lab #3 – Assessment Questions and ask your Instructor questions for guidance.

Deliverables

Upon completion of the Lab 3# - Define the Scope & Structure for an IT Risk Management Plan,
students are required to provide the following deliverables as part of this lab:

1. Lab #3 – IT Risk Management Plan Table of Contents

2. Lab #3 - Assessment Worksheet Questions and Answers

Evaluation Criteria and Rubrics

The following are the evaluation criteria and rubrics for Lab #3 that the students must perform:

1. Was the student able to define the purpose and objectives of an IT risk management
plan? – [20%]

2. Was the student able to define the scope and boundary for an IT risk management
plan to encompass the seven domains of a typical IT infrastructure? – [20%]
3. Was the student able to relate identified risks, threats, and vulnerabilities to an IT
risk management plan and risk areas? – [20%]

4. Was the student able to incorporate the five major parts of an IT risk management process
into the table of contents of the plan? – [20%]

5. Was the student able to craft an IT risk management plan table of contents that addresses the
seven domains of a typical IT infrastructure and the five major parts of risk management and
risk areas? – [20%]
Lab #3: Assessment Worksheet

Define the Scope & Structure for an IT Risk Management Plan

Course Name: ____________________IAA202_________________________________________

Student Name: ____________________Team 1_________________________________________

Instructor Name: __________________Mr. Long NQ____________________________________

Lab Due Date: _____________________________________________________________

Overview

The Instructor will assign your group one of the following scenarios and industry verticals. You
must align your IT risk management plan from this scenario and industry vertical perspective
along with any compliance law requirements.

1. Circle the scenario and industry vertical your Instructor assigned to your group:

a. Healthcare provider under HIPPA compliance law


b. Regional bank under GLBA compliance law

c. Nationwide retailer under PCI DSS standard requirements

d. Higher-education institution under FERPA compliance law

2. Make sure your table of contents addresses your scenario and vertical industry.

3. Make sure your table of contents includes at a minimum, the five major parts of IT risk
management:

• Risk planning

• Risk identification

• Risk assessment

• Risk mitigation

• Risk monitoring

4. Make sure your table of contents is executive management ready and addresses all the risk
topics and issues needed for executive management awareness.

5. Answer Lab #3 – Assessment Worksheet questions and submit as part of your Lab #3
deliverables.

Lab #3: Assessment Worksheet

Define the Scope & Structure for an IT Risk Management Plan

Course Name: _______________________IAA202______________________________________

Student Name: _______________________Team1______________________________________

Instructor Name: _____________________Mr. Long NQ________________________________

Lab Due Date: ___________________________30/5/2023________________________________

Overview
Answer the following Lab #3 – Assessment Worksheet questions pertaining to your IT risk
management plan design and table of contents.

Lab Assessment Questions

1. What is the goal or objective of an IT risk management plan?

- The goal or objective of an IT risk management plan is to identify, assess, and mitigate risks
related to information technology systems and infrastructure within an organization.

2. What are the five fundamental components of an IT risk management plan?

- identifying the risk, analyzing the risk, ranking or evaluating the risk, providing a solution,
and reviewing or monitoring the risk.

3. Define what risk planning is?

- Risk planning is the process of identifying, prioritizing, and managing risk.

4. What is the first step in performing risk management?

- identify all the events that can negatively (risk) or positively (opportunity) affect the
objectives of the project.

5. What is the exercise called when you are trying to identify an organization’s risk health?

- Risk assessment.

6. What practice helps reduce or eliminate risk?

- One practice that helps reduce or eliminate risk is implementing risk mitigation measures.
Risk mitigation refers to the actions taken to reduce the likelihood or impact of identified
risks. Here are some common practices used for risk mitigation: Risk Avoidance, Risk
Transfer, Risk Reduction, Risk Spreading, Contingency Planning, Training and Awareness,
Regular Monitoring and Evaluation.

7. What on-going practice helps track risk in real-time?

- Monitoring.

8. Given that an IT risk management plan can be large in scope, why is it a good idea to
development a risk management plan team?

- So no tasks are easily missed and the goal of the project can be completed.

9. Within the seven domains of a typical IT infrastructure, which domain is the most difficult
to plan, identify, assess, remediate, and monitor?
WAN Domain-> User

10. From your scenario perspective, with which compliance law or standard does your
organization have to comply? How did this impact the scope and boundary of your IT risk
management plan?

The HIPAA policy needs to be in the health care law. HIPAA because of the hospital scenario. This
will impact the risk management plan by identifying a large number of IT security risks see
How HIPAA is involved with keeping personal medical records secure. Our range will have to
involves a large amount of IT security or IT risk management that will need to be outsourced to
mitigate risk

11. How did the risk identification and risk assessment of the identified risks, threats, and
vulnerabilities contribute to your IT risk management plan table of contents?
Develop and implement a risk management plan. Implement security measures. Evaluate and maintain
components
security law. The table of contents will be expanded due to major risks that need to be addressed

12. What risks, threats, and vulnerabilities did you identify and assess that require
immediate risk mitigation given the criticality of the threat or vulnerability?

Unauthorized access from public Internet User destroys data in application and deletes all files
Hackers infiltrate your IT infrastructure and gain access to your internal network.
>Cryptocurrency

13. For risk monitoring, what techniques or tools can you implement within each of the seven
domains of a typical IT infrastructure to help mitigate risk?
- Unauthorized access from public internet, User destroys data in application, delete all files,
and gains access to internal network and hacker penetrates IT infrastructure requires
immediate risk mitigation.

14. For risk mitigation, what processes and procedures are needed to help streamline and
implement risk mitigation solutions to the production IT infrastructure?
- Different ways could be followed to mitigate risk in different domains. Having Strong
procedures and spreading awareness for User domain, strong firewalls and anti-virus for
workstation domain, port security for LAN domain, strong firewall to server forLAN-WAN
domain, VPN client system and encryption for remote access, DMZ for Wanand data backups
and servers for System/Application domain are effective.Overall, any kind of identification
and steps taken to reduce the risks should help in mitigating risk.

15. How does risk mitigation impact change control management and vulnerability management?

- Developing strict schedules with stringent controls, having IT audits and ensuring timely
completion of tasks with proper remediation and reporting can lead to production IT
infrastructure.

You might also like