A health care centre suffers from very low information security in terms of maturity across many elements of infosec and information assurance, including cyber resilience and application of cybersecurity good practice. Patients expect a high level of protection of their data; however, data breaches can put the reputation of the institute at risk. It is highly recommended that a certain level of filtering is imposed for the network to be secure so as to sustain from threats and attacks. Let us assume that you are hired by the health care centre to develop an information security plan to identify the possible threats to the organization. For example, it is necessary to identify the important services (e.g., website, booking portal, electronic health equipments…) that the healthcare centre is running. The criteria that you need to address based on the given scenario is summarized into two parts: Part A: 1. Assessing the current risk of the entire business 2. Treat the Risk as much as possible Task I: Risk Identification In achieving the above two goals, you will do the followings – 1. Find at least five assets 2. Find at least two threats against each asset 3. Identify vulnerabilities for the assets Task II: Risk Assessment At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a prioritized list of threats facing those assets and iii) Vulnerabilities of assets.

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

  A health care centre suffers from very low information security in terms of maturity across many elements of infosec and information assurance, including cyber resilience and application of cybersecurity good practice. Patients expect a high level of protection of their data; however, data breaches can put the reputation of the institute at risk. It is highly recommended that a certain level of filtering is imposed for the network to be secure so as to sustain from threats and attacks. Let us assume that you are hired by the health care centre to develop an information security plan to identify the possible threats to the organization. For example, it is necessary to identify the important services (e.g., website, booking portal, electronic health equipments…) that the healthcare centre is running. The criteria that you need to address based on the given scenario is summarized into two parts: Part A: 1. Assessing the current risk of the entire business 2. Treat the Risk as much as possible Task I: Risk Identification In achieving the above two goals, you will do the followings – 1. Find at least five assets 2. Find at least two threats against each asset 3. Identify vulnerabilities for the assets Task II: Risk Assessment At the end of the risk identification process, you should have i) a prioritized list of assets and ii) a prioritized list of threats facing those assets and iii) Vulnerabilities of assets.   

Expert Solution
steps

Step by step

Solved in 3 steps

Blurred answer
Knowledge Booster
Security Techniques and tools
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education