Assignment: Risk Analysis
Instructions
ABC is a healthcare organization located in the Midwest that has just hired its first Security Officer. The organization does not have any security controls in place, including policies, reasonable safeguards, and security measures. The first thing the new Security Officer does is identify a list of potential threats to the organization, which are listed below.
Reasonably Anticipated Threats
1. Virus, Worm, or other types of malicious code
2. Unintentional workforce behavior – Careless acts or errors, accidental disclosures or destruction of PHI, or computer misuse
3. Intentional workforce behavior – Unauthorized access, disclosures or destruction of PHI, software license violations, computer misuse
4. Tampering – Programming a backdoor or trap door, installing rogue devices or sniffers, denial of service attacks
5. Programming errors, software failure, bugs
6. Theft – Property (Hardware/Software/Data) and identity theft
7. Hardware or mechanical failure
8. Power failure, fluctuation, or electrical disturbance
After evaluating the threats, the new Security Officer identifies a list of controls, listed below, that could be put in place to mitigate the threat(s).
Controls
a. Policies, procedures, plans, standards, etc.
b. Training and awareness
c. Authentication and access controls
d. Anti-virus software
e. Uninterruptible Power Source (UPS) and generators
f. Workforce background checks
g. Privacy or anti-glare screens
h. Fireproof media safe (for backups)
i. Encryption
j. Auditing and monitoring
k. Surveillance cameras
l. Door alarms
m. Vulnerability scanners
n. Configuration management and change control
o. Business continuity planning
p. Disaster recovery planning
q. Incident response procedures
r. Data backup or redundancy systems
Your job is to help the Security Officer match the appropriate controls to each threat. Using the worksheet below, identify which threats could be addressed by each control; keep in mind that multiple controls can be used to address each threat. Once you have identified which threats each control addresses and have completed the worksheet, pick a threat and prepare a one-page Word document describing how you would implement the controls for that threat. This Word document will be presented to the new Security Officer.
Your plan should be at least one page in length and follow APA formatting, with all references appropriately cited.
WORKSHEET
CONTROL / THREAT
1. Virus, Worm, or other types of malicious code
2. Unintentional workforce behavior – Careless acts or errors, accidental disclosures or destruction of PHI, or computer misuse
3. Intentional workforce behavior – Unauthorized access, disclosures or destruction of PHI, software license violations, computer misuse
4. Tampering – Programming a backdoor or trap door, installing rogue devices or sniffers, denial of service attacks
5. Programming errors, software failure, bugs
6. Theft – Property (Hardware/Software/Data) and identity theft
7. Hardware or mechanical failure
8. Power failure, fluctuation, or electrical disturbance
9. Virus, Worm, or other types of malicious code
Grading Rubrics
A. Controls and Threats (10 points)
B. Breach of Confidentiality (5 points)
C. Plan (15 points)