Risk Threat Vulnerability	Primary Domain Impacted
Unauthorized access from public Internet
User destroys data in application and deletes all files
Hacker penetrates your IT infrastructure and gains access to your internal network
Fire destroys primary data center
Communication circuit outages
Workstation OS has a known software vulnerability
Unauthorized access to organization owned workstations
Denial of service attack on organization e-mail server
Remote communications from home office
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Workstation browser has software vulnerability
Service provider has a major network outage
User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers
VPN tunneling between remote computer and ingress/egress router
WLAN access points are needed for LAN connectivity within a warehouse

Given the scenario of a healthcare organization, answer the following assessment questions from a risk management perspective. Copy these questions into the same Word document, and then answer them: Of the listed risks, threats, and vulnerabilities identified in the table above, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage? Which domain represents the greatest risk and uncertainty to an organization? Which domain requires stringent access controls and encryption for connectivity to corporate resources from home? Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risk from employee sabotage? Which domains need software vulnerability assessments to mitigate risk from software vulnerabilities? Which domain requires AUPs to minimize unnecessary User initiated Internet traffic and can be monitored and controlled by web content filters?