The task of identifying risks in an IT environment can become overwhelming. Once your mind starts asking “what if...?” about one IT area, you quickly begin to grasp how many vulnerabilities exist across the IT spectrum. It may seem impossible to systematically search for risks across the whole IT environment.
Thankfully, a solution is at hand that simplifies identifying threats and vulnerabilities in an IT infrastructure. That method is to divide the infrastructure into the seven domains: Wide Area Network (WAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Local Area Network (LAN), Workstation, User, System/Application, and Remote Access. Systematically tackling the seven individual domains of a typical IT infrastructure helps you organize the roles, responsibilities, and accountabilities for risk management and risk mitigation.
In this lab, you will identify known risks, threats, and vulnerabilities, and you will organize them. Finally, you will map these risks to the domain that was impacted from a risk management perspective.
Learning Objectives
Upon completing this lab, you will be able to:
Identify common risks, threats, and vulnerabilities found throughout the seven domains of a typical IT infrastructure.
Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT infrastructure.
Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the organization from a risk-assessment perspective.
Prioritize the identified critical, major, and minor risks, threats, and software vulnerabilities found throughout the seven domains of a typical IT infrastructure.