Lab #3 Defining the Scope and Structure for an IT

Similar documents
Lab #1 Creating an IT Infrastructure Asset List and. Identifying Where Privacy Data Resides

Lab #3 Defining an Information Systems Security Policy Framework for an IT Infrastructure

Information System Security. Nguyen Ho Minh Duc, M.Sc

ITE 119 Information Literacy

Network Security Assessment

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

CND Exam Blueprint v2.0

Vulnerability Management Policy

Department of Management Services REQUEST FOR INFORMATION

Chapter 5: Vulnerability Analysis

Chapter 1 B: Exploring the Network

Process System Security. Process System Security

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

LO N LO CompTIA Network (Course & Labs) Course Outline. LO CompTIA Network (Course & Labs) 04 Apr 2018

LO CompTIA Network (Course & Labs) Course Outline. LO CompTIA Network (Course & Labs) ( Add-On ) 15 Jul 2018

FIREWALL BEST PRACTICES TO BLOCK

CompTIA Security+ Study Guide (SY0-501)

Securing Wireless Networks by By Joe Klemencic Mon. Apr

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Cisco Cisco Sales Expert. Practice Test. Version

FAU. How do I. Post course content? Folders

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

Wireless LAN Security (RM12/2002)

Network Security and Cryptography. December Sample Exam Marking Scheme

Security analysis and assessment of threats in European signalling systems?

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

Advanced Security Tester Course Outline

Configuring Security Solutions

Cybersecurity, safety and resilience - Airline perspective

CyberP3i Course Module Series

Introduction. Goal of This Book. Audience for This Book

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Datto BDR Needs Assessment Module

A: Administering System Center Configuration Manager

CompTIA Network+ N ucertify Labs. Course Outline. CompTIA Network+ N ucertify Labs. 10 Oct

Secure Network Design Document

Questions Submitted Barry County Michigan Network Security Audit and Vulnerability Assessment RFP

HIPAA Compliance Module. Using the HIPAA Module without Inspector Instructions. User Guide RapidFire Tools, Inc. All rights reserved.

Protect Your Organization from Cyber Attacks

CoreMax Consulting s Cyber Security Roadmap

Introduction to Information Security Dr. Rick Jerz

SWITCH Implementing Cisco IP Switched Networks

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

IS316 Fundamentals of Network Security, Firewalls and VPNs [Onsite and Online]

SC27 WG4 Mission. Security controls and services

Required Textbook and Materials. Course Objectives. Course Outline

Workforce Certification

EC-Council - EC-Council Certified Security Analyst (ECSA) v8

IS305 Managing Risk in Information Systems [Onsite and Online]

MOBILE THREAT LANDSCAPE. February 2018

Objectives of the Security Policy Project for the University of Cyprus

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Virtual Dispersive Networking Spread Spectrum IP

(CNS-301) Citrix NetScaler 11 Advance Implementation

Evaluating the Security of Your IT Network. Vulnerability Scanning & Network Map

The simplified guide to. HIPAA compliance

10 FOCUS AREAS FOR BREACH PREVENTION

Choosing the Right Security Assessment

CPTE: Certified Penetration Testing Engineer

COMPUTER AND NETWORK SUPPORT TECHNICIAN PROGRAM

Industry Best Practices for Securing Critical Infrastructure

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

FedRAMP Security Assessment Plan (SAP) Training

ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

Administrative & Operations Network Security Assessment

Device Discovery for Vulnerability Assessment: Automating the Handoff

Designing and Building a Cybersecurity Program

UNIT 3 INTRODUCTORY MICROSOFT EXCEL LESSON 6 MAKING THE WORKSHEET USEFUL

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

COMPUTER NETWORK SECURITY

Administering System Center Configuration Manager

Course Outline. CompTIA Network+ N Pearson ucertify Course and Labs. CompTIA Network+ N Pearson ucertify Course and Labs

Pearson CISSP Lab. Course Outline. Pearson CISSP Lab. 05 Apr

How Secure Do You Feel About Your HIPAA Compliance Plan? Daniel F. Shay, Esq.

Question Yes No Business requirements documentation

Administering System Center Configuration Manager

MEMORY AND BEHAVIORAL PROTECTION ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Request for Proposal (RFP)

CompTIA Network+ N ucertify Course & Labs. Course Outline. CompTIA Network+ N ucertify Course & Labs.

SYLLABUS. DIVISION: Business and Engineering Technology REVISED: FALL 2015 CREDIT HOURS: 4 HOURS/WK LEC: 4 HOURS/WK LAB: 0 LEC/LAB COMB: 4

"Charting the Course... MOC 6435 B Designing a Windows Server 2008 Network Infrastructure Course Summary

CompTIA Security+ SY Course Outline. CompTIA Security+ SY May 2018

Chapter 2. Switch Concepts and Configuration. Part II

IT INFRASTRUCTURE PROJECT PHASE II INSTRUCTIONS

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

HIPAA Compliance Assessment Module

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Sample excerpt. HP ProCurve Threat Management Services zl Module NPI Technical Training. NPI Technical Training Version: 1.

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

CRAW Security. CRAW Security

Vulnerability Management

Administering System Center 2012 Configuration Manager

Monthly Cyber Threat Briefing

An ICS Whitepaper Choosing the Right Security Assessment

CIW: Web Security Associate. Course Outline. CIW: Web Security Associate. 12 Oct ( Add-On )

MAKING SECURITY AWARENESS HAPPEN: APPENDICES

Hands-On IP for TeleCom Technicians Internetworking, TCP/IP, VLANS, Wirelss and more...

Transcription:

Lab #3 Defining the Scope and Structure for an IT Risk Management Plan Introduction Every company needs to take risks to thrive, but not too much risk which could be catastrophic. Finding the balanced amount of risk requires identifying what opportunities (or threats) are present, understanding how significant each of them is, recognizing what action to take to Jones & Bartlett smartly handle Learning, both LLC opportunities and risks, and Jones lastly, monitoring & Bartlett all Learning, of the above, LLCincluding NOT FOR SALE discovering OR DISTRIBUTION more prospects and threats. All told, NOT this FOR is called SALE risk OR management. DISTRIBUTION Specific to the seven domains of the IT infrastructure, this lab will cover IT risk management. In this lab, you will define the purpose of an IT risk management plan, you will define the scope for an IT risk management plan that encompasses the seven domains of a typical IT infrastructure, you Jones will relate & Bartlett the risks, Learning, threats, and LLC vulnerabilities to the plan, Jones and you & will Bartlett create Learning, LL an IT risk management NOT FOR plan SALE outline OR that DISTRIBUTION incorporates the five major parts of NOT an IT FOR risk SALE OR DISTRIBUT management process. Learning Jones & Objectives Bartlett Learning, LLC Upon NOT completing FOR SALE this OR lab, DISTRIBUTION you will be able to: Define the purpose and objectives of an IT risk management plan. Define the scope and boundary for an IT risk management plan to encompass the seven Jones & Bartlett domains Learning, of a LLC typical IT infrastructure. NOT FOR SALE OR Relate DISTRIBUTION identified risks, threats, and vulnerabilities NOT FOR SALE to an IT OR risk DISTRIBUTION management plan and risk areas. Incorporate the five major parts of an IT risk management process into a risk management plan s outline. Craft an outline Jones for & an Bartlett IT risk management Learning, LLC plan, which includes the seven Jones domains & Bartlett of a Learning, LL typical IT NOT infrastructure FOR SALE and OR the DISTRIBUTION five major parts of risk management NOT and risk FOR areas. SALE OR DISTRIBUT 18..

19 Deliverables Upon completion of Jones this lab, & Bartlett you are required Learning, to provide LLC the following deliverables Jones to & your Bartlett Learning, LL instructor: 1. Lab Report file; 2. Lab Assessments file. Copyright 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual..

20 LAB #3 Defining the Scope and Structure for an IT Risk Management Plan Hands-On Steps u Note: This is a paper-based NOT lab. FOR To successfully SALE OR complete DISTRIBUTION the deliverables for this lab, you will need NOT access FOR to Microsoft SALE OR DISTRIBUT Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. NOT FOR SALE 3. OR On DISTRIBUTION your local computer, open a new Internet NOT FOR browser SALE window. OR DISTRIBUTION 4. Using your favorite search engine, search for information on the IT risk management process. 5. Briefly review Jones at least & Bartlett five of the Learning, first page results. LLC 6. In the address box of your Internet browser, type the URL http://www.uvm.edu/~erm/riskassessmentguide.pdf and press Enter to open the Web site. 7. Review the PDF titled Guide to Risk Assessment & Response. u Note: Take special note of the University of Vermont s Guide to Risk Assessment & Response document and the insightful sections titled Things to Keep in Mind and Steps to Follow for each of the assessment steps. NOT FOR SALE 8. OR In DISTRIBUTION the address box of your Internet browser, NOT FOR type the SALE URL OR DISTRIBUTION http://www.education.nt.gov.au/ data/assets/pdf_file/0011/4106/risk_management_process.pdf and press Enter to open the Web site. 9. Review the PowerPoint slide deck titled The Risk Management Process. 10. In your Lab NOT Report FOR file, SALE describe OR DISTRIBUTION in what ways the risk management NOT process FOR in both SALE IT OR DISTRIBUT and non-it environments are similar. Briefly describe in your own words the five major steps of risk management: plan, identify, assess, respond, and monitor. Jones 11. In your & Bartlett Lab Report Learning, file, describe LLC the plan. NOT 12. FOR Review SALE the seven OR DISTRIBUTION domains of a typical IT infrastructure NOT (see FOR Figure SALE 1). OR DISTRIBUTION..

21 Figure 1 Seven domains NOT of a FOR typical SALE IT infrastructure OR DISTRIBUTION 13. Using the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure servicing patients with life-threatening conditions, review the risks in the following Jones table. & Bartlett Consider Learning, how you might LLC manage each risk and which Jones of & the Bartlett seven Learning, LL domains NOT each FOR one affects: SALE OR DISTRIBUTION Risks, Threats, and Vulnerabilities Unauthorized access from public Internet Hacker penetrates IT infrastructure Communication circuit outages Workstations Workstation operating system (OS) has a known software vulnerability Denial of service attack on organization s e-mail Remote communications from home office Jones & Bartlett Workstation Learning, browser LLC has software vulnerability NOT FOR SALE Weak OR ingress/egress DISTRIBUTION traffic-filtering degrades NOT performance FOR SALE OR DISTRIBUTION Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse Need to prevent rogue users from unauthorized WLAN access User destroys data in application, deletes all files, and gains access to internal network Fire destroys primary data center Intraoffice employee NOT romance FOR SALE gone OR bad DISTRIBUTION Loss of production data server Unauthorized access to organization-owned workstations LAN server OS has a known software vulnerability User Jones downloads & Bartlett an unknown Learning, e-mail LLC attachment Service NOT FOR provider SALE has OR a major DISTRIBUTION network outage Copyright 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual..

22 LAB #3 Defining the Scope and Structure for an IT Risk Management Plan User inserts CDs and USB hard drives with personal photos, music, and videos on organizationowned computers Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router 14. In your Lab Report file, for each of the domains, create an outline in the scope of your risk management plan. Include the following topics the five major parts of an IT risk management process for each domain: NOT FOR Risk SALE planning OR DISTRIBUTION Risk identification Risk assessment Risk response Jones & Bartlett Learning, Risk monitoring LLC u Note: This completes the lab. Close the Web browser, if you have not already done so...

23 Evaluation Criteria and Rubrics The following are Jones the evaluation & Bartlett criteria Learning, for this lab LLC that students must perform: 1. Define the purpose and objectives of an IT risk management plan. [20%] 2. Define the scope and boundary for an IT risk management plan to encompass the seven domains of a typical IT infrastructure. [20%] Jones 3. Relate & Bartlett identified Learning, risks, threats, LLCand vulnerabilities to an Jones IT risk management & Bartlett Learning, plan and risk LLC NOT FOR areas. SALE [20%] OR DISTRIBUTION 4. Incorporate the five major parts of an IT risk management process into a risk management plan s outline. [20%] 5. Craft an outline for an IT risk management plan, which includes the seven domains of a typical IT infrastructure and the five major parts of risk management and risk areas. [20%] Copyright 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual..

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback