Using the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure servicing patients with life-threatening conditions, review the risks in the following table. Consider how you might manage each risk and which of the seven domains each one affects:
Risks, Threats, and Vulnerabilities Unauthorized access from public Internet
Hacker penetrates IT infrastructure
Communication circuit outages
Workstations
Workstation operating system (OS) has a known software vulnerability
Denial of service attack on organization’s e-mail
Remote communications from home office
Workstation browser has software vulnerability
Weak ingress/egress traffic-filtering degrades performance
Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
Need to prevent rogue users from unauthorized WLAN access
User destroys data in application, deletes all files, and gains access to internal network
Fire destroys primary data center
Intraoffice employee romance gone bad
Loss of production data server
Unauthorized access to organization-owned workstations
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Service provider has a major network outage
A technician inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
For each of the domains, create an outline in the scope of your risk management plan. Include the following topics: The five major parts of an IT risk management process for each domain:
Risk Planning
Risk identification
Risk assessment
Risk response
Risk monitoring