Assessment Worksheet
Use file:///C:/Users/Jamie/Downloads/Lab03_SLMx_Risk20%20(3).pdf
Defining the Scope and Structure for an IT Risk ManagementPlan
Course Name and Number:_____________________________________________________
Student Name:________________________________________________________________
Instructor Name:______________________________________________________________
Lab Due Date:________________________________________________________________
Overview
In this lab, you defined the purpose of an IT riskmanagement plan, you defined the scope for an
IT risk management plan that encompasses the seven domainsof a typical IT infrastructure, you
related the risks, threats, and vulnerabilities to the plan,and you created an IT risk management
plan outline that incorporates the five major parts of an ITrisk management process.
Lab Assessment Questions & Answers
1. What is the goal or objective of an IT risk managementplan?
2. What are the five fundamental components of an IT riskmanagement plan?
The five fundamentals to risk management plan areidentifying, analyzing, evaluating, and ultimately responding to and monitoringrisk.
3. Define what risk planning is.
4. What is the first step in performing risk management?
5. What is the exercise called when you are trying to gaugehow significant a risk is?
6. What practice helps address a risk?
7. What ongoing practice helps track risk in real time?
8. True or False: Once a company completes all riskmanagement steps (identification, assessment,
response, and monitoring), the task is done.
9. Given that an IT risk management plan can be large inscope, why is it a good idea to develop a
risk management plan team?
10. In the seven domains of a typical IT infrastructure,which domain is the most difficult to plan,
identify, assess, treat, and monitor?
11. Which compliance laws or standards does the health careorganization mentioned in the HandsOn
Steps have to comply with (consider these: Health InsurancePortability and Accountability
Act [HIPAA], Gramm-Leach-Bliley Act [GLBA], and FamilyEducational Rights and Privacy Act
[FERPA])? How does this impact the scope and boundary of itsIT risk management plan?
12. How did the risk identification and risk assessment ofthe identified risks, threats, and
vulnerabilities contribute to your IT risk management planoutline?
13. What risks, threats, and vulnerabilities did youidentify and assess that require immediate risk
mitigation given the criticality of the threat orvulnerability?
14. For risk monitoring, what are some techniques or toolsyou can implement in each of the seven
domains of a typical IT infrastructure to help mitigaterisk?
15. For risk mitigation, what processes and procedures canhelp streamline and implement riskmitigation
solutions to the production IT infrastructure?
16. What is the purpose of a risk register?
17. How does risk response impact change control managementand vulnerability management?
Part 2
file:///C:/Users/Jamie/Downloads/Lab04_SLMx_Risk20%20(1).pdf
Lab Assessment Questions & Answers
1. What is an IT risk assessments goal or objective?
2. Why is it difficult to conduct a quantitative riskassessment for an IT infrastructure?
3. What was your rationale in assigning a 1 riskimpact/risk factor value of Critical to an
identified risk, threat, or vulnerability?
4. After you had assigned the 1, 2, and 3 riskimpact/risk factor values to the identified risks,
threats, and vulnerabilities, how did you prioritize the1, 2, and 3 risk elements? What
would you say to executive management about your finalrecommended prioritization?
5. Identify a risk-mitigation solution for each of thefollowing risk factors:
a. User downloads and clicks on an unknown e-mail attachment
b. Workstation OS has a known software vulnerability
c. Need to prevent eavesdropping on WLAN due to customerprivacy data access
d. Weak ingress/egress traffic-filtering degradesperformance
e. DoS/DDoS attack from the WAN/Internet
f. Remote access from home office
g. Production server corrupts database
