Lab9-IAP301-HE172600-IA1802

The document outlines an assessment worksheet for an IT security policy framework, detailing risks, threats, and vulnerabilities across various IT domains. It includes a sample IT security policy framework definition that aligns specific risks with corresponding policy definitions. Additionally, it contains a series of assessment questions and answers regarding the purpose and implementation of these policies.

Uploaded by chudang24k

Lab #9 – Assessment Worksheet

Assess and Audit an Existing IT Security Policy Framework Definition

Course Name: IAP301

Student Name: DangCLMHE172600

Instructor Name: Hoàng Tuấn Anh

Lab Due Date: 20/3/2025

Part A – Risks, Threats, & Vulnerabilities in the Seven Domains of a typical IT Infrastructure

| Risk – Threat – Vulnerability | Primary Domain Impacted |
| --- | --- |
| Unauthorized access from public Internet | Remote Access Domain |
| User destroys data in application and deletes all files | System/Application Domain |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System/Application Domain |
| Intra-office employee romance gone bad | User Domain |
| Fire destroys primary data center | System/Application Domain |
| Communication circuit outages | WAN Domain |
| Workstation OS has a known software vulnerability | Workstation Domain |
| Unauthorized access to organization-owned workstations | Remote Access Domain |
| Loss of production data | System/Application Domain |
| Denial of service attack on organization e-mail | System/Application Domain |
| Remote communications from home office | Remote Access Domain |
| LAN server OS has a known software vulnerability | LAN-to-WAN Domain |
| User downloads an unknown e-mail attachment | User Domain |
| Workstation browser has software vulnerability | Workstation Domain |
| Service provider has a major network outage | WAN Domain |
| Weak ingress/egress traffic filtering degrades performance | LAN Domain |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers | Workstation Domain |
| VPN tunneling between remote computer and ingress/egress router | Remote Access Domain |
| WLAN access points are needed for LAN connectivity within a warehouse | LAN-to-WAN Domain |
| Need to prevent rogue users from unauthorized WLAN access | LAN-to-WAN Domain |

Part B – Sample IT Security Policy Framework Definition

| Risk – Threat – Vulnerability | IT Security Policy Definition |
| --- | --- |
| Unauthorized access from public Internet | Asset Protection Policy |
| User destroys data in application and deletes all files | Asset Management Policy |
| Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy |
| Intra-office employee romance gone bad | Acceptable Use Policy |
| Fire destroys primary data center | Asset Protection Policy |
| Communication circuit outages | Asset Management Policy |
| Workstation OS has a known software vulnerability | Vulnerability Assessment & Management Policy |
| Unauthorized access to organization-owned workstations | Asset Protection Policy |
| Loss of production data | Asset Management Policy |
| Denial of service attack on organization e-mail | Threat Assessment & Management Policy |
| Remote communications from home office | Acceptable Use Policy |
| LAN server OS has a known software vulnerability | Vulnerability Assessment & Management Policy |
| User downloads an unknown e-mail attachment | Security Awareness Training Policy |
| Workstation browser has software vulnerability | Vulnerability Assessment & Management Policy |
| Service provider has a major network outage | Asset Management Policy |
| Weak ingress/egress traffic filtering degrades performance | Threat Assessment & Management Policy |
| User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers | Acceptable Use Policy |
| VPN tunneling between remote computer and ingress/egress router | Asset Protection Policy |
| WLAN access points are needed for LAN connectivity within a warehouse | Asset Identification & Classification Policy |
| Need to prevent rogue users from unauthorized WLAN access | Asset Protection Policy |

Lab Assessment Questions & Answers

1. What is the purpose of having a policy framework definition as opposed to individual policies?

A policy framework sets the rules and guidelines for the principles an organization uses to achieve its long-term goals. It provides general guidelines that the individual policies then define explicitly.

2. When should you use a policy definition as a means of risk mitigation and element of a
layered security strategy?

You should use a policy definition as a means of risk mitigation and element of a layered
security strategy when you start a business or before you start a business in order to have
everything covered before a risk, threat or vulnerability happens.

3. In your gap analysis of the IT security framework definition provided, which policy definition
was missing for all access to various IT systems, applications, and data throughout the scenario?

Incident Response Policy Definition.

Third-party Risk Policy Definition.

4. Do you need policies for your telecommunication and Internet service providers?

Yes

5. Which policy definitions from the list provided in Lab #9 – Part B help optimize performance of an organization’s Internet connection?

Asset management policy.

6. What is the purpose of a Vulnerability Assessment & Management Policy for an IT infrastructure?

A vulnerability assessment aims to uncover vulnerabilities in a network and recommend the appropriate mitigation or remediation to reduce or remove the risks.

7. Which policy definition helps achieve availability goals for data recovery when data is lost or corrupted?

Threat assessment and management policy.

8. Which policy definitions reference a Data Classification Standard and use of cryptography for
confidentiality purposes?

Security awareness training policy.

9. Which policy definitions from the sample IT security policy framework definition mitigate risk
in the User Domain?

Asset protection policy.

10. Which policy definition from the sample IT security policy framework definition mitigates
risk in the LAN-to-WAN Domain?

Asset identification and classification policy.
