USA: +1(669)289-8683 
Sign in
INSTRUCTOR VERSION
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
Lab #1 Identifying Threats and Vulnerabilities in an IT
Infrastructure
Introduction
The task of identifying risks in an IT environment can become overwhelming. Once your mind
starts asking “what if…?” about one IT area, you quickly begin to grasp how many
vulnerabilities exist across the IT spectrum. It may seem impossible to systematically search for
risks across the whole IT environment.
Thankfully, a solution is at hand that simplifies identifying threats and vulnerabilities in an IT
infrastructure. That method is to divide the infrastructure into the seven domains: Wide Area
Network (WAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Local Area
Network (LAN), Workstation, User, System/Application, and Remote Access. Systematically
tackling the seven individual domains of a typical IT infrastructure helps you organize the roles,
responsibilities, and accountabilities for risk management and risk mitigation.
Learning Objectives
Identify common risks, threats, and vulnerabilities found throughout the seven domains of a
typical IT infrastructure.
Align risks, threats, and vulnerabilities to one of the seven domains of a typical IT
infrastructure.
Given a scenario, prioritize risks, threats, and vulnerabilities based on their risk impact to the
organization from a risk-assessment perspective.
Prioritize the identified critical, major, and minor risks, threats, and software vulnerabilities
found throughout the seven domains of a typical IT infrastructure.
Deliverables
Review Chapter #1 and Chapter #2 –
Students are required to provide the following deliverables as part of this lab:
Lab #1 – Assessment Test -complete and submit
Identify and map the following 20 risks, threats, and vulnerabilities to the seven domains of a
typical IT infrastructure within Lab 1 assessment test
1
Copyright © by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
4 | LAB #1 Identifying Threats and Vulnerabilities in an IT
Infrastructure
Risks, Threats, and Vulnerabilities
Unauthorized access from public Internet
Primary Domain Impacted
Hacker penetrates IT infrastructure through
modem bank
Communication circuit outages
Workstation operating system (OS) has a
known software vulnerability
Denial of service attack on organization’s email
server
Remote communications from home office
Workstation browser has software vulnerability
Weak ingress/egress traffic-filtering degrades
performance
Wireless Local Area Network (WLAN) access
points are needed for LAN connectivity within a
warehouse
Need to prevent rogue users from unauthorized
WLAN access
Doctor destroys data in application, deletes all
files, and gains access to internal network
Fire destroys primary data center
Intraoffice employee romance gone bad
Loss of production data server
Unauthorized access to organization-owned
workstations
LAN server OS has a known software
vulnerability
Nurse downloads an unknown e-mail
attachment
Service provider has a major network outage
A technician inserts CDs and USB hard drives
with personal photos, music, and videos on
organization-owned computers
Virtual Private Network (VPN) tunneling
between the remote computer and
ingress/egress router
Note:
Some risks will affect multiple IT domains. In fact, in real-world environments, risks and their
direct consequences will most likely span across several domains. This is a big reason to
implement controls in more than one domain to mitigate those risks.
