1. Create a table with three columns, labeled with each heading as follows:Risk - Threat - Vulnerability;Primary Domain Impacted;Risk Impact/Factor.Given the list below, perform a qualitative risk assessment:Determine which typical IT domain is impacted by each risk/threat/vulnerability in the "Primary Domain Impacted" column.
   1. Unauthorized access from public Internet
   2. User destroys data in application and deletes all files
   3. Hacker penetrates your IT infrastructure and gains access to your internal network
   4. Intra-office employee romance gone bad
   5. Fire destroys primary data center
   6. Service provider SLA is not achieved
   7. Workstation OS has a known software vulnerability
   8. Unauthorized access to organization owned workstations
   9. Loss of production data
   10. Denial of service attack on organization
   11. DMZ and e-mail server
   12. Remote communications from home office
   13. LAN server OS has a known software vulnerability
   14. User downloads and clicks on an unknown unknown e-mail attachment
   15. Workstation browser has software vulnerability
   16. Mobile employee needs secure browser access to sales order entry system
   17. Service provider has a major network outage
   18. Weak ingress/egress traffic filtering degrades performance
   19. User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers
   20. VPN tunneling between remote computer and ingress/egress router is needed
   21. WLAN access points are needed for LAN connectivity within a warehouse
   22. Need to prevent eavesdropping on WLAN due to customer privacy data access
   23. DoS/DDoS attack from the WAN/Internet
2. Analysis: Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a "1", "2", and "3" next to each risk, threat, vulnerability in the "Risk Impact/Factor" column. "1" = Critical, "2" = Major, "3" = Minor. Use the following qualitative risk impact/risk factor metrics:
   1. "1" Critical - a risk, threat, or vulnerability that impacts compliance (i.e., privacy law requirement for securing privacy data and implementing proper security controls, etc.) and places the organization in a position of increased liability
   2. "2"Major - a risk, threat, or vulnerability that impacts the C-I-A of an organization's intellectual property assets and IT infrastructure
   3. "3"Minor - a risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
3. Report: Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:
   1. Purpose of the risk assessment & summary of risks, threats, and vulnerabilities found throughout the IT infrastructure
   2. Prioritization of critical, major, minor risk assessment elements
   3. Risk assessment and risk impact summary
   4. Recommendations and next steps
4. Reflection: Answer the following assessment worksheet questions pertaining to your qualitative IT risk assessment you performed.
   1. What is the goal or objective of an IT risk assessment?
   2. Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
   3. What was your rationale in assigning "1" risk impact/ risk factor value of "Critical" for an identified risk, threat, or vulnerability?
   4. When you assembled all of the "1" and "2" and "3" risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the "1", "2", and "3" risk elements? What would you say to executive management in regard to your final recommended prioritization?