Instructions are as follows
For #1, just list possible roles that may exist for this scenario. You can just make up the name of the role but please explain what the role does.
For #2, identify threats to the seven domains of IT within the organization. This is not necessarily based solely on the scenario because threats are not listed; just list threats that may exist, in general, to the seven domains in the context of how they may exist in this example. For example, for the workstation domain, this scenario indicates that Windows 7 workstations are in place.
For #3, identify vulnerabilities in the seven domains of IT within the organization. This is similar to #2. This is not necessarily based solely on the scenario because specific vulnerabilities are not listed; just list vulnerabilities that may exist, in general, to the seven domains in the context of how they may exist in this example.
For #4, identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization. Your assigned reading should assist with this question.
For #5, estimate the likelihood of each threat action. Your assigned reading should assist with this question (just the likelihood not impact).
For #6, prepare a brief report or presentation of your findings for IT management to review. This just means answering the questions 1 - 5. Make sure you list the number for each one you are answering. Also, the report should be using a word-processing software such as Microsoft Word, Libre, Open Office, etc. (not pdf.) It should be double spaced 12 pt. Times New Roman font.
Introduction:
In managing risks in an organization, professionals in the information technology (IT) department conduct research to identify threats, vulnerabilities, and threat/vulnerability pairs. Then, the IT professionals determine the likelihood of each threat occurring. The IT professionals present this information to IT management, whose role in risk management is to determine and recommend approaches to manage these risks. IT management then presents these recommendations to the senior management, whose role is to allocate resources, specifically money and employees, to prepare for and respond to identified threats and vulnerabilities appropriately.
This activity allows you to fulfill the role of IT professionals in a small business tasked with identifying threats, vulnerabilities, and threat/vulnerability pairs; estimating the likelihood of these threats occurring; and present this information to IT management.
Scenario:
YieldMore is a small agricultural company, which produces and sells fertilizer products. The company headquarters is in a small town in Indiana. Outside its headquarters, there are two large production facilities-one in Nebraska and other in Oklahoma. Furthermore, YieldMore employs salespersons in every state in the U.S. to serve its customers locally.
The company has three servers located at its headquarters-Active Directory server, a Linux application server, and an Oracle database server. The application server hosts YieldMore's primary software application, which is a proprietary program managing inventory, sales, supply-chain, and customer information. The database server manages all data stored locally with direct attached storage.
All three major sites use Ethernet cabled local area networks (LANs) to connect the users Windows 7 workstations via industry standard managed switches.
The remote production facilities connect to headquarters via routers T-1 LAN connections provided by an external Internet service provider (ISP), and share an Internet connection through a firewall at headquarters.Individual salespersons throughout the country connect to YieldMore's network via virtual private network (VPN) software through their individual Internet connections, typically in a home office.
Task 1:
You will be assigned to a team where you need to assume the roles of IT professionals assigned by YieldMore's IT management to conduct the following risk management tasks:
1. Some of the possible roles that could be fulfilled by the team members are: server manager, network manager, database manager, and security manager. You as a team have to decide for which functional area each of you will be responsible and who will be the team leader.
2. Identify threats to the seven domains of IT within the organization.
3. Identify vulnerabilities in the seven domains of IT within the organization.
4. Identify threat/vulnerability pairs to determine threat actions that could pose risks to the organization.
5. Estimate the likelihood of each threat action.
6. Prepare a brief report or presentation of your findings for IT management to review.
Rubric:
1. Did the team establish an appropriate functional area for each member and pick a leader?
2. Did the team identify all of the threats in the organization?
3. Did the team identify all of the vulnerabilities in the organization?
4. Did the team identify the threat/vulnerability pairs and use them to determine threat actions that could pose risks to the organization?
5. Were the team's estimates the likelihood of each threat action logical and plausible?
6. Did the team create a professional, well-developed report with proper grammar, spelling, and punctuation?