Project Two Guidelines and Rubric - IT-313-X1786 Risk Mgmt_Mitigation Sys Des 23EW1
School: Southern New Hampshire University
Course: 313
Subject: Information Systems
Date: Feb 20, 2024
Pages: 4
Uploaded by msheba08
10/9/23, 5:02 PM
Assignment Information
https://learn.snhu.edu/d2l/le/content/1381729/viewContent/26497045/View
1/4
IT 313 Project Two Guidelines and Rubric
Competency
In this project, you will demonstrate your mastery of the following competency:
Develop risk analysis and mitigation plans
Scenario
You are the IT risk assessment lead at Health Network, Inc., a health services organization headquartered in Tampa, Florida. Health Network has over 700 employees throughout the
organization and generates $500 million in revenue annually. The company has two additional locations in Seattle, Washington, and Arlington, Virginia. These locations support different
aspects of corporate operations. Each facility is located near a data center, where production systems are located and managed by third-party data-center hosting vendors.
Health Network has three main products:
1. HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which
are then routed to receiving customers such as clinics.
2. HNetPay is a web portal used by many of the company’s HNetExchange customers to support the management of secure payments and billing. The HNetPay web portal, hosted at Health
Network production sites, accepts various forms of payments and interacts with credit-card processing organizations, much like a web commerce shopping cart.
3. HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains
doctors’ personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the
information in their profiles.
Health Network customers, which are hospitals and clinics, connect to all three of the company’s products using HTTPS connections. Doctors and potential
patients are able to make payments and update their profiles using internet-accessible HTTPS websites.
Health Network operates in three production data centers that provide high availability across the company’s products. The data centers host about 1,000 production servers, and Health
Network maintains 650 corporate laptops and company-issued mobile devices for its employees.
A previous risk assessment identified the following threats:
Potential loss of data due to inappropriate hardware decommission
Potential loss of protected health information (PHI) from lost or stolen company-owned assets, such as mobile devices and laptops
Potential data loss due to corrupt production data resulting from a systems outage
Internet threats from hackers and other malicious actors
Insider threats due to social engineering, installation of malware and spyware
Changes in the regulatory landscape that may impact operations
Based on the findings of this risk assessment, Health Network administration has determined that the existing risk management plan does not take into account the above threats and is
therefore out of date. You have been assigned to develop a new plan.
Directions
For this assignment, you will create a risk management plan for Health Network that contains the following objectives:
1. Importance: Explain the plan’s purpose and importance for the key stakeholders of the organization.
2. Scope: Define the scope and boundaries of the plan.
3. Risks: Identify the organization’s primary internal and external risks based on the local environments where facilities are located.
4. Safety: Describe physical and safety considerations associated with the identified risks.
5. Business Impact: Conduct a business impact analysis (BIA) that determines the probability and significance of certain risky events and their potential impact on the various aspects of Health Network’s business.
6. Mitigation: Identify strategies to mitigate these risks and to allow Health Network to continue operating (business continuity plan (BCP) and disaster recovery plan (DRP)) if these risks occur.
What to Submit
To complete this project, you must submit the following:
Risk Management Plan (5 to 10 pages)
The recommended length for this plan is 5 to 10 pages, single spaced, and submitted on a file that your instructor can easily access (.PDF, .doc).
Project Two Rubric
| Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Importance | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Explains the purpose and importance of plan for the key stakeholders of the organization | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include an explanation of how the plan is important for key stakeholders | Does not attempt criterion | 5 |
| Scope | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Defines the scope and boundaries of the plan | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include scope and boundary definitions related to the plan | Does not attempt criterion | 10 |
| Risks | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Identifies the primary internal and external risks | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include identification of specific internal and external risks | Does not attempt criterion | 20 |
| Safety | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Describes the physical and safety considerations associated with the identified risks | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include a description of physical and safety considerations | Does not attempt criterion | 20 |
| Business Impact | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Determines the probability and significance of certain risky events and their potential impact | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include a determination of the probabilities of certain risky events and their potential impact | Does not attempt criterion | 20 |
| Mitigation | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Identifies strategies to mitigate the identified risks that includes a BIA and DRP | Shows progress toward proficiency, but with errors or omissions; areas for improvement may include an identification of strategies to mitigate risks and inclusion of BCP and DRP | Does not attempt criterion | 15 |
| Articulation of Response | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Clearly conveys meaning with correct grammar, sentence structure, and spelling, demonstrating an understanding of audience and purpose | Shows progress toward proficiency, but with errors in grammar, sentence structure, and spelling, negatively impacting readability | Submission has critical errors in grammar, sentence structure, and spelling, preventing understanding of ideas | 5 |
| Citations and Attributions | Uses citations for ideas requiring attribution, with few or no minor errors | Uses citations for ideas requiring attribution, with consistent minor errors | Uses citations for ideas requiring attribution, with major errors | Does not use citations for ideas requiring attribution | 5 |
| Total: | | | | | 100% |