1. Why is it important to prioritize your IT infrastructure risks, threats, and
Question
1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
2. Based on your executive summary produced in the Performing a Qualitative Risk Assessment for an IT Infrastructure lab in this lab manual, what is the primary focus of your message to executive management?
3. Given the scenario for your IT risk-mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities?
4. What risk-mitigation solutions do you recommend for handling the following risk element: User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers?
5. What is a security baseline definition?
6. What questions do you have for executive management to finalize your IT risk-mitigation plan?
7. What is the most important risk-mitigation requirement you uncovered and want to communicate to executive management? In your opinion, why is this the most important risk-mitigation requirement?
8. Based on your IT risk-mitigation plan, what is the difference between short-term and long-term risk-mitigation tasks and ongoing duties?
9. For which of the seven domains of a typical IT infrastructure is it easy to implement risk-mitigation solutions but difficult to monitor and track effectiveness?
10. Which of the seven domains of a typical IT infrastructure usually contains privacy data in systems, servers, and databases?
11. Which of the seven domains of a typical IT infrastructure can access privacy data and also store it on local hard drives and disks?
12. Why is the Remote Access Domain the most risk-prone of all in a typical IT infrastructure?
13. When considering the implementation of software updates, software patches, and software fixes, why must you test the upgrade or software patch before you implement it as a risk-mitigation tactic?
14. Are risk-mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk-mitigation plan? Why or why not?
15. If an organization under a compliance law is not in compliance, how critical is it for your organization to mitigate this noncompliance risk element?
Explanation / Answer
1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
Answer:
It is important to prioritize your IT infrastructure risks, threats, and vulnerabilities to form a basis for allocating resources. Of all the risks, threats and vulnerabilities, some of the issues might be critical or major, and it is important for the organization to get rid of those risks to avoid any loss of money, reputation and other sources. This could possibly happen when we prioritize the risks so that the organization could take correct decisions in eliminating or mitigating the risks. This highly helps an organization to know which threats have to be eliminated on an immediate basis and which threats could be solved later according to the criticality of the issue. That is why it is highly important to prioritize your IT infrastructure risks, threats, and vulnerabilities.
2) Answer:
My primary focus would be on informing the management about the various levels and probabilities of risks, threats and vulnerabilities that could affect the business. I would also focus on a list of basic measures which includes using strong firewalls, standard operating procedures for all employees, and implementing a password policy, which ultimately relates to the name, fame and reputation of the company.
3. Given the scenario for your IT risk-mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities?
Answer:
Identifying the risks, threats and vulnerabilities will be the major step in the mitigation plan, and any change in the scenario might change the criticality of the risks, and the issues which are considered to be critical or major would be given utmost importance to either eliminate or mitigate them. The issue might be related to compliance laws, user activity or any virus activity, but the prioritization of the risks is the first step to mitigate the worst effects.
4) Answer:
The risk mitigation solution that I would recommend is to make sure that there is an anti-virus/anti-spyware program installed where it will scan the CD/USB. Besides installing those programs, I would recommend that whatever the user is trying to insert must be authorized and approved before they may insert it on the device that is connected to the network.
5) Answer:
A security baseline is the starting point that supplies the guideline for a certain type of technology that is used within an organization and it is the lowest of security settings that are used within security policies.
6) Answer:
Does the organization have the budget to follow through with the mitigation plan?
What are the priorities of the organization when it comes to the mitigation plan?
7. What is the most important risk-mitigation requirement you uncovered and want to communicate to executive management? In your opinion, why is this the most important risk-mitigation requirement?
Answer:
The most important risk-mitigation requirement that I uncovered and want to communicate to executive management would be the Risk Impact Assessment. The reason is that the risk impact assessment can impact the cost, schedule, and/or the technical performance objectives of the project.
8) Answer:
The short-term risk-mitigation tasks are those that can be fixed in a timely fashion, and they will not have a long-term effect on the organization. The long-term risk-mitigation tasks can involve risks that have complicated issues and that could shut down an organization and leak out sensitive information. Ongoing duties are tasks that are completed daily in order to keep the organization's risks to a minimum.
9. For which of the seven domains of a typical IT infrastructure is it easy to implement risk-mitigation solutions but difficult to monitor and track effectiveness?
Answer:
Of the seven domains, I think that the remote access domain would be the easiest to implement risk-mitigation solutions but difficult to monitor and track, because you are able to gain access to a network without even being in the main location of the network, which can lead to the information that is on that network being hacked.
10) Answer:
System/Application domain
11. Which of the seven domains of a typical IT infrastructure can access privacy data and also store it on local hard drives and disks?
Answer:
Workstation domain
12. Why is the Remote Access Domain the most risk prone of all within a typical IT infrastructure?
Answer:
It gives access to the private network to users not within the physical network.
13. When considering the implementation of software updates, software patches, and software fixes, why must you test this upgrade or software patch before you implement this as a risk mitigation tactic?
Answer:
Testing is necessary because you must find out what effect the upgrade or patch could have on all other systems in the network.
14. Are risk mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk mitigation plan? Why or why not?
Answer:
They are needed for long-term risk mitigation planning in order to maintain compliance with laws. Also, it gives a point of reference as standards and laws change.
15. If an organization under a compliance law is not in compliance, how critical is it for your organization to mitigate this non-compliance risk element?
Answer:
It is critical because of fines accrued by not meeting compliance, or the company could be shut down until it meets compliance.