IT4070 Unit 10

School: Capella University
Course: 4070
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 4
Uploaded by CommodorePenguin2708

Risk Assessment Template

Learner Name: Janie Craig

Use this template to identify and address the exposures to the Anchor Hospital network infrastructure. Note that there are many possible exposures, but you are expected to address the ones that you believe pose the greatest risks.

Risk 1: The Physical Security

Describe risk or vulnerability: The physical security is 2 security guards, 24-7, hired from a third-party vendor for a 10-acre campus. This can pose a risk, as they cannot monitor and respond to a potential threat at the same time. This is not enough manpower to assist in security risk, as someone could cause physical damage to the hospital-specific system in one area while someone else is doing it in another area. The third-party vendor may not perform background checks properly either, which may also pose a threat, or there may be just plain negligence from the employees.

Assess the degree of risk and impact:

Degree of risk
Rate the degree of risk on a 5-point scale, with 1 being “very unlikely to occur” and 5 being “very likely to occur” and justify your assessment: 1 2 3 4 5

Justification: I am giving this a four, as it is a high possibility for hospital security, as they could also be dealing with a disgruntled patient in one area while some other malicious intent is going on in another, as well as the third party supplying these employees possibly not doing an extensive background check.

Impact
Rate the degree of impact on a 5-point scale, with 1 being “low impact” and 5 being “very high impact” and justify your assessment: 1 2 3 4 5

Justification: Potentially a level 5 impact, as if this were to happen it could cause a lot of harm to the systems or even the hospital's reputation and can cost Anchor Hospital a lot of money and risk their reputation. It is not worth the risk. The third-party vendor should do extensive background checks and give additional security guards if Arbor Hospital plans to stay with going the vendor route.

Proposed controls for Risk 1 (Risk 1 only):
Describe what you consider to be the most effective control to address the exposure through each of the following ways:

Mitigation: Physical access control, video surveillance, perimeter security, intrusion detection systems, and alarm systems can assist in a safer environment for employees, vendors, patients, and anyone who is at the hospital.

Procedure: Implementing good access control, starting from the perimeter and then going in with physical security and surveillance, can assist in the protection of the hospital.

Policy: A well-established Physical Security Policy can assist in the protection of any breaches, and all employees can be made aware of what to do and what not to do. If an employee sees anything take place or an incident, they will know where to direct this issue. This policy can also outline regular testing and maintenance that may need to occur, so the hospital stays on top of any security issues.

Risk 2: The IDS being placed in front of the Windows Firewall

Describe risk or vulnerability: The IDS being placed in front of the Windows Firewall can cause breaches, which can cause incidents to be caught too late or ignored due to all the unnecessary traffic alerts.

Assess the degree of risk and impact:

Degree of risk
Rate the degree of risk on a 5-point scale, with 1 being “very unlikely to occur” and 5 being “very likely to occur” and justify your assessment: 1 2 3 4 5

Justification: This is a big risk for the organization, as the IDS should be placed behind the firewall to assist in better protection of the system.

Impact
Rate the degree of impact on a 5-point scale, with 1 being “low impact” and 5 being “very high impact” and justify your assessment: 1 2 3 4 5

Justification: If it was placed behind the firewall, it could provide higher visibility of traffic entering the network and the security team would see unnecessary alerts of traffic between the authorized users on the network.

Risk 3: Policies

Describe risk or vulnerability: Not having the proper policies and procedures put into place can cause a huge risk to the hospital. Lacking the proper training with these can cause issues as well.

Assess the degree of risk and impact:

Degree of risk
Rate the degree of risk on a 5-point scale, with 1 being “very unlikely to occur” and 5 being “very likely to occur” and justify your assessment: 1 2 3 4 5

Justification: If the proper policies and procedures are not put into place or are not regularly updated and reviewed by everyone they pertain to, it can cause risks. Some people are not aware of the risk of sharing a password or simply not updating something right after giving a patient something. This can cause a lot of risks or incidents. A good management team and IT department setting these up and regularly implementing them can assist the organization.

Impact
Rate the degree of impact on a 5-point scale, with 1 being “low impact” and 5 being “very high impact” and justify your assessment: 1 2 3 4 5

Justification: I would say that, without proper policies in place, it could potentially cause incidents as well as financial cost, risk to reputation, and many other issues. The proper policies can make this one for risk of this.

Risk 4: Cyber Threats

Describe risk or vulnerability: A cyber-attack can be a huge risk, especially in smaller hospital organizations, as we have seen a rise in smaller hospital organizations rather than the larger ones.

Assess the degree of risk and impact:

Degree of risk
Rate the degree of risk on a 5-point scale, with 1 being “very unlikely to occur” and 5 being “very likely to occur” and justify your assessment: 1 2 3 4 5

Justification: The risks are minimal but not nonexistent, as there are some cyber threats. Hackers may wish to gain information to hold through ransomware or potentially just gain access for financial gain. Whatever the cause, it can happen if the proper procedures and policies are not followed, or if the proper systems are not implemented and followed.

Impact
Rate the degree of impact on a 5-point scale, with 1 being “low impact” and 5 being “very high impact” and justify your assessment: 1 2 3 4 5

Justification: If this were to happen, it could cause the hospital to have massive financial loss as well as a cost to the hospital’s reputation. An incident can also cause the patients' personal information and risk to our vendors as well.