CYB420_ProjectOne_stepstone_Adrienne_Johnston (docx)
School: Southern New Hampshire University
Course: CYB 420
Subject: Information Systems
Date: Apr 3, 2024
Project One Stepping Stone: Risk Domain Analysis
CYB 420
Adrienne Johnston
SNHU
Vulnerability One

Network issues that cause intermittent slowdowns or dropped communications usually point to cabling problems or hardware shortfalls, so in terms of the three risk domains this falls under the technical domain. Although hardware performance is the obvious initial issue, closer inspection shows that the internal and guest Wi-Fi run on a consumer-grade router and are not HIPAA compliant. Operational security controls would have the organization replace the consumer-grade Wi-Fi router with a business-class router and firewall, configured so that the guest network cannot reach the segment that carries PHI (protected health information) and so that unsolicited inbound traffic from the internet never reaches that segment. Proper bandwidth will also handle the increased traffic during peak times. HIPAA must be kept in mind whenever patient PHI is involved in any way, and the organization must be up to standard not only operationally but also physically.

Vulnerability Two

The protection of physical assets falls under the physical and operational domains. With management already on board with achieving full HIPAA compliance, access to the physical capital of the healthcare office must be reconfigured. HIPAA's physical safeguards require that facilities, workstations, and the devices and media that hold PHI be secured. Physical security controls to implement include locks, surveillance cameras, alarms, and restricted-access signage. Identification badges will be issued to everyone in the office, with access to restricted areas granted only to the employees whose roles require it. These steps will help ensure that both employee and patient PII and PHI are secured and accounted for 24 hours a day. The penalties for violating HIPAA can be costly.

Vulnerability Three

Working from home is commonplace and convenient, but working from home while remaining HIPAA compliant is a job unto itself. The operational and technical domains apply to this issue. It is my opinion that this can benefit from all three control types: administrative, physical, and technical. Before any employee can use a personal computer to access company data remotely, they would need to bring the device to the IT department so that it can be properly configured: install the VPN client, verify that all PHI is encrypted both on the device and in transit, and disable the ability to save PHI to external media. This ensures that all PHI remains confidential and secure.

Vulnerability Four

The main concept HIPAA operates under is protecting PHI from unauthorized access. When a system that operates in patient care allows unregulated access to its components, that runs afoul of the very core of HIPAA and can result in hefty penalties and consequences. The operational and physical domains apply here and can be addressed by operational and physical security controls. The fix is to provide a dedicated guest workstation on its own isolated guest network, with the use of external media disabled, so that visitors never touch the systems that hold PHI.

Adversarial Mindset

Cybersecurity addresses an ever-changing landscape; old and new threats alike require IT professionals to evolve along with the threat landscape. Thinking like a threat actor will only benefit an organization that deals in data. Being aware, not naive, of the avenues attackers use to get at valuable data is a boon to any effort to thwart malicious activity. A well-trained individual could access company data through an unsecured workstation, an unlocked door, or an unencrypted data flow, which justifies all the recommendations I have suggested.
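The guest-versus-PHI network separation called for in Vulnerability One (the business-class router and firewall) and Vulnerability Four (the isolated guest network) can be written down as a concrete firewall ruleset. The nftables configuration below is an added example written for this page; it is not part of the original report or of any product the report mentions. The interface names (wan0, lan0.10, lan0.20), the VLAN subnet, and the management port are assumptions for illustration.

```nft
#!/usr/sbin/nft -f
# Added example (not from the report): edge-firewall ruleset for a small office
# that keeps guest Wi-Fi off the segment carrying PHI.  All names and addresses
# below are assumptions chosen for illustration.
flush ruleset

define WAN      = "wan0"          # uplink to the internet
define PHI_IF   = "lan0.10"       # VLAN 10: staff workstations and EHR server
define GUEST_IF = "lan0.20"       # VLAN 20: patient / visitor Wi-Fi and guest PC
define PHI_NET  = 10.10.10.0/24   # IPv4 range of the PHI segment

table inet office {
    chain input {
        # Traffic addressed to the router itself: drop unless explicitly allowed.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Guest clients may use the router only for DHCP and DNS.
        iifname $GUEST_IF udp dport { 53, 67 } accept
        iifname $GUEST_IF tcp dport 53 accept
        # Staff segment gets DHCP/DNS and may manage the router over SSH.
        iifname $PHI_IF udp dport { 53, 67 } accept
        iifname $PHI_IF tcp dport 22 accept
        # Anything arriving unsolicited from the internet hits the drop policy.
    }
    chain forward {
        # Traffic routed between segments: drop unless explicitly allowed.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Log and drop any guest attempt to reach the PHI segment (IPv4).
        # In the inet family "ip daddr" matches IPv4 only; IPv6 guest traffic
        # toward the PHI segment is still dropped by the chain policy.
        iifname $GUEST_IF ip daddr $PHI_NET log prefix "guest->phi blocked: " drop
        # Guest segment may only go out to the internet.
        iifname $GUEST_IF oifname $WAN accept
        # PHI segment may go out to the internet; nothing from WAN is ever
        # forwarded into it, because no rule accepts iifname $WAN.
        iifname $PHI_IF oifname $WAN accept
    }
    chain postrouting {
        # Source NAT both segments behind the uplink address.
        type nat hook postrouting priority 100;
        oifname $WAN masquerade
    }
}
```

Load it with nft -f on a Linux router that has the two VLAN sub-interfaces configured, then verify with nft list ruleset and by attempting a connection from a guest client to a PHI-segment address; the attempt should fail and appear in the kernel log under the "guest->phi blocked" prefix. The ruleset enforces only the segmentation; wireless encryption, workstation hardening, and the administrative and physical controls described in the report are still required.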