In this lab, you will create an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure, you will perform an asset identification and classification exercise, you will explain how a data classification standard is linked to customer privacy data and security controls, and you will identify where privacy data resides and what security controls are needed to maintain compliance.
Learning Objectives:
Upon completing this lab, you will be able to:
- Create an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure.
- Perform an asset identification and asset classification exercise for a typical IT infrastructure.
- Explain how a data classification standard is linked to customer privacy data protection and proper security controls.
- Identify where privacy data can reside or traverse throughout the seven domains of a typical IT infrastructure.
- Identify where privacy data protection and proper security controls are needed to assist organizations with maintaining compliance.
Deliverables:
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
1. Lab Report file
2. Lab Assessments file
Hands-On Steps:
1. On your local computer, create the lab deliverable files.
2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
3. Review the seven domains of a typical IT infrastructure.
4. Review Figure 2, which is a mock IT infrastructure with a Cisco core backbone network.
5. Refer to Figure 2 and note the following information, which describes the details of the Workstation Domain and System/Application Domain at a health care provider under the Health Insurance Portability and Accountability Act (HIPAA) compliance law:
- Workstation Domain: Indicated by the “B” in Figure 2, the Workstation Domain consists of Microsoft® XP 2003, SP2 workstations (50), laptops (50), and desktop computers (50).
- System/Application Domain: Indicated by the “G” in Figure 2, the System/Application Domain consists of the following servers and applications:
   o Linux® Server #1 (Domain Name Server [DNS], File Transfer Protocol [FTP], and Trivial File Transfer Protocol [TFTP])
   o Linux® Server #2 (Web Server)
   o Microsoft® Server #1 (e-Commerce Server and Customer Database Subset)
   o Microsoft® Server #2 (Master Structured Query Language [SQL] Customer Database and Intellectual Property Assets)
   o Microsoft® Server #3 (Office Automation, Dynamic Host Configuration Protocol [DHCP] Server, and Customer Database Subset)
   o Microsoft® Server #4 (E-mail Server)
6. In your Lab Report file, use the following table to identify three to five IT assets and insert them into the table. Indicate in which of the seven domains of an IT infrastructure the asset resides. Indicate if the asset accesses customer privacy data or contains customer privacy data. Finally, classify the IT asset as Critical, Major, or Minor, where the following defines each:
- Critical: Generates revenues or represents an intellectual property asset of the organization
- Major: Contains customer privacy data
- Minor: Required for normal business functions and operations

IT Asset Description | Seven Domains of Typical IT | Privacy Data Impact | Assessment [Critical-Major-Minor]

Note: Pay attention to the descriptions of the various System/Application assets. Individual assets may fall into different assessment categories. The same certainly holds true for real-world environments you will assess. The guiding question should always be “What does this asset do?” or “What sort of data does it hold?”
7. In your Lab Report file, explain how a data classification standard is related to customer privacy data protection and security controls.