1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
2. Based on your executive summary produced in the Performing a Qualitative Risk Assessment for
an IT Infrastructure lab in this lab manual, what is the primary focus of your message to executive
3. Given the scenario for your IT risk-mitigation plan, what influence did your scenario have on
prioritizing your identified risks, threats, and vulnerabilities?
4. What risk-mitigation solutions do you recommend for handling the following risk element: User
inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned
5. What is a security baseline definition?
6. What questions do you have for executive management to finalize your IT risk-mitigation plan?
7. What is the most important risk-mitigation requirement you uncovered and want to communicate
to executive management? In your opinion, why is this the most important risk-mitigation
8. Based on your IT risk-mitigation plan, what is the difference between short-term and long-term
risk-mitigation tasks and ongoing duties?
9. For which of the seven domains of a typical IT infrastructure is it easy to implement risk-mitigation solutions but difficult to monitor and track effectiveness?
10. Which of the seven domains of a typical IT infrastructure usually contains privacy data in
systems, servers, and databases?
11. Which of the seven domains of a typical IT infrastructure can access privacy data and also store it
on local hard drives and disks?
12. Why is the Remote Access Domain the most risk-prone of all in a typical IT infrastructure?
13. When considering the implementation of software updates, software patches, and software fixes,
why must you test the upgrade or software patch before you implement it as a risk-mitigation
14. Are risk-mitigation policies, standards, procedures, and guidelines needed as part of your long-term risk-mitigation plan? Why or why not?
15. If an organization under a compliance law is not in compliance, how critical is it for your
organization to mitigate this noncompliance risk element?
Chapter 10 of the course text addresses assessing the legal and compliance issues an organization may face. For this discussion, select one of the compliance laws, regulations, or mandates listed on page 266 and discussed in further detail on pages 266-273. Discuss how this law, regulation, or mandate relates to your current business and what your business is doing to ensure compliance.
Chapter 11 of the course text discusses methods for taking the risk assessment for an organization and turning it into a mitigation plan. Looking at your own organization, where does it currently apply budget dollars for risk mitigation in technology? Are there additional areas where it appears more should be done? What may be the reasons the organization is taking this approach? Following the information presented in the chapter, which recommended areas most directly apply to your organization?