3/11/2020 Lab View

https://jbl-lti.hatsize.com/labguide 1/1

LAB GUIDE 

Hands-On Steps

Introduction1.

Learning Objectives2.

Deliverables3.

Hands-On Steps4.

1. On your local computer, create a new document.

You will use this document as your Lab Report.

2. On your local computer, open a new web browser window.

3. Using your favorite search engine, search for information on the IT risk management process.

4. Brie�y review at least �ve of the �rst page results.

5. In your browser, navigate to https://www.uvm.edu/sites/default/�les/UVM-Risk-Management-and- Safety/Guide_to_Risk_Opportunity_Assessment_Response.pdf(https://www.uvm.edu/sites/default/�les/UVM-Risk-Management- and-Safety/Guide_to_Risk_Opportunity_Assessment_Response.pdf).

6. Review the PDF titled “Guide to Risk Assessment & Response.”

7. In your browser, navigate to https://web.archive.org/web/20130418005540/http://www.education.nt.gov.au/__data/assets/pdf_�le/0011/4106/risk_management

8. Review the PowerPoint slide deck titled “The Risk Management Process.”

9. In your Lab Report �le, describe in what ways the risk management process in both IT and non-IT environments are similar. Brie�y describe in your own words the �ve major steps of risk management: plan, identify, assess, respond, and monitor.

Note: Take special note of the University of Vermont’s “Guide to Risk Assessment & Response” document and the insightful sections titled “Things to Keep in Mind” and “Steps to Follow” for each of the assessment steps.

De�ning the Scope and Structure for an IT Risk Management Plan





3/11/2020 Lab View

https://jbl-lti.hatsize.com/labguide 1/1

LAB GUIDE 

Hands-On Steps

Introduction1.

Learning Objectives2.

Deliverables3.

Hands-On Steps4.

10. In your Lab Report �le, describe the plan.

11. Review the seven domains of a typical IT infrastructure.  

Seven Domains

12. Assume the following table of risks, threats, and vulnerabilities were found in a health care IT infrastructure servicing patients with life-threatening conditions. Review the risks in the table. Consider how you might manage each risk and which of the seven domains each one affects:

De�ning the Scope and Structure for an IT Risk Management Plan

3/11/2020 Lab View

https://jbl-lti.hatsize.com/labguide 1/1

LAB GUIDE 

Hands-On Steps

Introduction1.

Learning Objectives2.

Deliverables3.

Hands-On Steps4.

domains each one affects:  

Risks, Threats, and Vulnerabilities

Unauthorized access from public Internet

Hacker penetrates IT infrastructure and gains access to your internal network

Communication circuit outages

Workstation operating system (OS) has a known software vulnerability

Denial of service attack on organization’s e-mail          

Remote communications from home o�ce

Workstation browser has software vulnerability

Weak ingress/egress tra�c-�ltering degrades performance

Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse  

Need to prevent rogue users from unauthorized WLAN access

User destroys data in application, deletes all �les, and gains access to internal network

Fire destroys primary data center

Intrao�ce employee romance gone bad

Loss of production data server

Unauthorized access to organization-owned workstations

LAN server OS has a known software vulnerability

User downloads an unknown e-mail attachment

Service provider has a major network outage

User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers

Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

13. In your Lab Report �le, for each of the domains, create an outline in the scope of your risk management plan. Include the following topics—the �ve major parts of an IT risk management process—for each domain:

De�ning the Scope and Structure for an IT Risk Management Plan

3/11/2020 Lab View

https://jbl-lti.hatsize.com/labguide 1/1

LAB GUIDE 

Hands-On Steps

Introduction1.

Learning Objectives2.

Deliverables3.

Hands-On Steps4.

10. In your Lab Report �le, describe the plan.

11. Review the seven domains of a typical IT infrastructure.  

Seven Domains

12. Assume the following table of risks, threats, and vulnerabilities were found in a health care IT infrastructure servicing patients with life-threatening conditions. Review the risks in the table. Consider how you might manage each risk and which of the seven domains each one affects:

De�ning the Scope and Structure for an IT Risk Management Plan

3/11/2020 Lab View

https://jbl-lti.hatsize.com/labguide 1/1

LAB GUIDE 

Hands-On Steps

Introduction1.

Learning Objectives2.

Deliverables3.

Hands-On Steps4.

Remote communications from home o�ce

Workstation browser has software vulnerability

Weak ingress/egress tra�c-�ltering degrades performance

Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse  

Need to prevent rogue users from unauthorized WLAN access

User destroys data in application, deletes all �les, and gains access to internal network

Fire destroys primary data center

Intrao�ce employee romance gone bad

Loss of production data server

Unauthorized access to organization-owned workstations

LAN server OS has a known software vulnerability

User downloads an unknown e-mail attachment

Service provider has a major network outage

User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers

Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

13. In your Lab Report �le, for each of the domains, create an outline in the scope of your risk management plan. Include the following topics—the �ve major parts of an IT risk management process—for each domain:

Risk planning Risk identi�cation Risk assessment Risk response Risk monitoring

Note: This completes the lab. Close the web browser, if you have not already done so.

De�ning the Scope and Structure for an IT Risk Management Plan