After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What would you say to executive management about your final recommended prioritization?

Assessment Worksheet
Performing a Qualitative Risk Assessment for an IT Infrastructure
Course Name and Number: _____________________________________________________

Student Name: ________________________________________________________________
Instructor Name: ______________________________________________________________
Lab Due Date: ________________________________________________________________
Overview
In this lab, you defined the purpose of an IT risk assessment, you aligned identified risks, threats,
and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT
infrastructure, you classified the risks, threats, and vulnerabilities, and you prioritized them.
Finally, you wrote an executive summary that addresses the risk assessment findings, risk
assessment impact, and recommendations to remediate areas of noncompliance.
Lab Assessment Questions & Answers
1. What is an IT risk assessment’s goal or objective?
2. Why is it difficult to conduct a quantitative risk assessment for an IT infrastructure?
3. What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an
identified risk, threat, or vulnerability?
4. After you had assigned the “1,” “2,” and “3” risk impact/risk factor values to the identified risks,
threats, and vulnerabilities, how did you prioritize the “1,” “2,” and “3” risk elements? What
would you say to executive management about your final recommended prioritization?
35
Copyright © 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Student Lab Manual
5. Identify a risk-mitigation solution for each of the following risk factors:
a. User downloads and clicks on an unknown e-mail attachment
b. Workstation OS has a known software vulnerability
c. Need to prevent eavesdropping on WLAN due to customer privacy data access
d. Weak ingress/egress traffic-filtering degrades performance
e. DoS/DDoS attack from the WAN/Internet
f. Remote access from home office
g. Production server corrupts database