project11
OVERVIEW:
• Write paper in sections
• Understand the company
• Find similar situations
• Research and apply possible solutions
• Research and find other issues
HEALTH NETWORK INC
• You are an Information Technology (IT) intern
• Health Network Inc.
• Headquartered in Minneapolis, Minnesota
• Two other locations
• Portland Oregon
• Arlington Virginia
• Over 600 employees
• $500 million USD annual revenue
DATA Centers
• Each location is near a data center
• Managed by a third-party vendor
• Production centers located at the data centers
Health network’s Three products
• HNetExchange
• Handles secure electronic medical messages between
• Large customers such as hospitals and
• Small customers such as clinics
• HNetPay
• Web Portal to support secure payments
• Accepts various payment methods
• HNetConnect
• Allows customers to find Doctors
• Contains profiles of doctors, clinics and patients
Health networks IT network
• Three corporate data centers
• Over 1000 data severs
• 650 corporate laptops
• Other mobile devices
Management request
• Current risk assessment outdated
• Your assignment is to create a new one
• Additional threats may be found during re-evaluation
• No budget has been set on the project
Threats identified
• Loss of company data due to hardware being removed from production systems
• Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops
• Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on
• Internet threats due to company products being accessible on the Internet
• Insider threats
• Changes in regulatory landscape that may impact operations
Part 1 project assignment
• Conduct a risk assessment based on the information from this presentation
• Write a 5-page paper properly APA formatted
Your paper should include
The Scope of the risk assessment i.e. assets, people, processes, and technologies
Tools used to conduct the risk assessment
Risk assessment findings
Business Impact Analysis
This is the second part of Project 1 that you started in Week 4. Following the instructions on the PowerPoint Slide.
You will add to your findings from part 1 and address them with a risk mitigation plan.
The plan should include
The methods to reduce risk and vulnerabilities
Determine if the organization is risk-averse or risk-tolerant
Strategies to mitigate residual risks
The requirements for this half are also five pages correctly APA formatted.
Running Head:
HEALTH RISK ASSESSMENT
HEALTH RISK ASSESSMENT 7
HEALTH RISK ASSESSMENT
Student name
Professor name
Institution
Course
Date
INTRODUCTION
Basing on the current situation at this company and bearing in mind that we are living in the contemporary world that is full of change and risks in business. There is a great shift in paradigm through information technology as a department on its own where almost all the services are conducted online and linking up with the world population still needs information technology concept. Due to these continuous change which is dynamic in this health company, evaluation, as well as reevaluation of the risks that are associated with the management of IT programs and systems, is necessary and new plans need to be formulated to assess the probable risks the company may encounter as they offer services to their customers after evaluating the previous plan. This will enable the management to detect some of the flaws in the previous risk assessment plan that resulted in the company to be vulnerable so risks again according to (Vellani 2019).
When we look at the threats identified in this health network alert for the need to have a continuous check on the risk assessment methods the company needs to deploy to ensure its network is safe. These threats include loss of company data, company information, loss of customers, threats from the internet as well as insider threats. These threats are just but only enough to surface the vision of the company by hindering the free flow of services to customers and agencies. The issue of withdrawal of customers to a notable statistic simply implies an arise of worry among themselves towards the company on her workmanship and thus reduce the trust the company has from the public. I will need to conduct an assessment of the nature of risks likely or already facing the network company and then make a plan on how these risks need to be mitigated as far as IT is concerned according to (Shedden.et.al.2016).
STEPS IN CONDUCTING A RISK ASSESSMENT
The first step in risk assessment for any company is the identification of the risks in the company. This is where the team embarks to identify things that are likely to cause harm to the health network, for example, the current risk assessment plan is outdated, removal of hardware in the production system leading to loss of data as mentioned up there is another risk. This step yearns to exhaust the vulnerability of the network system to the external attackers and table these risks according to (Vellani 2019). After walking around to get the risks, you now ask people in the company or at the place you identified the risk on their take of the available risk as they will help to shed some light on the risk identified. For that case in these health networks, I will ask employees in the compound as well as immediate stakeholders on how the system has been working without a risk assessment tool then also inquire from the management of their take on how customers are leaving the enterprise.
The next step to take still on the identification of the hazard is to visit the house website which is the server, for example, the risk like loss of management data. After inquiring people you have to visit the network provider for a helpful guide on how to deal with the issue looking at the manufacturer’s instructions and the datasheets, these steps will ensure all the hazards that might occur in the company or the existing threats to progress have been identified before you move to the second step of risk assessment according to (Shameli-Sendi, Aghababaei-Barzegar & Cheriet 2016).
The second step during risk assessment after the risks have been identified is to understand the source of the hazards and threats to the company looking at how that source sends the threats to the company. This decision will be reached basing on every risk identified at glance for example for our case here at the health networks, the source of the risk like massive withdrawal of customers from the company is due to the poor service delivery in the company that aims at profit-making and not customer satisfaction. A risk like reputation, its source can be discovered as the public and the ruling power enforced by political differences where an undercover decides to spoil the image of the company and her services offered. Source of finances or just inadequate finance in the company can be the source of risk like having an outdated risk assessment plan.
Now the third step after the source of the risk has been identified for all the risks mentioned or anticipated to face the company, is to evaluate the nature of the risks at hand then decide on the precautions. In this stage, you now make decisions that you can call a meeting with the stakeholders to discuss or even just make your own decisions according to (Song.et.al.2019). These decisions also follow a certain procedure because they will be standing for years to come, this comes after you have analyzed the nature of your decisions and the core things to think as you make a decision are that will I get rid of the hazard once? if not then what are the ways to mitigate this risk to reduce the vulnerability of its occurrence again? A control against the occurrence of the risk once again follows the following principles; incorporate less risky applications in the network, guard against external attackers, make arrangements to reduce exposure of the system to external attack then provide risk recovery facilities to ensure the company or system runs again as normal.
The fourth step under risk assessment after evaluation of the risks identified is to record the findings from the evaluation then put measures in place to implement them. This is the step where a course of action is taken to ensure the technique put across to mitigate the risks are initiated and every detail is recorded and filed for the sake of reference and presentation. In this case, where the main threat comes from the IT, measures, and recordings will aim at curbing the cases of cybercrime and the protection of system data. This can be done through encryption and setting up strong passwords to protect the network from being accessed by unauthorized persons to interrupt with the privacy of information. A good risk assessment needs to show that there was a proper check in the system, ask the persons or parties affected inside and outside the company, that all the significant hazards and threats have been dealt with appropriately and also ensure the staff plus the representatives were involved in the assessment and finally a good assessment ensures that safety precautions or the mitigations measures have been set to minimize the occurrence of such risks.
The final fifth step after everything has been done is to review the risk assessment and make the necessary updates in case some information is missing. This will ensure accuracy and therefore the trustworthiness of the report as this assessment will enable the team to deduce a quantitative risk mitigation tool. In this stage, it is possible to have some of the things changed bearing in mind that a risk is something that can attack a company or system unpredicted, thus during the review the research gets into details to ensure every aspect has been captured according to (Torabi, Giah, & Sahebjamnia 2016). This is the stage where things like efficiency, cost, the accuracy of data and the whole process are investigated, as an intern student what I will do at this level is to hand over to the management for the action plan to be conducted. To make the process complete therefore I need to get feedback from the boss on the kind of assessment if it is practical and realistic or not.
CONCLUSION
For any business to thrive or a networking system to continue doing well we must consider the probable risks that business it will consider. Though these risks can be frustrating they also help to shape the management and sharpen their minds over things that can hinder one from meeting all the objectives despite having all resources in place. A company with an effective and updated risk assessment plan will always register the highest profit margins as they will have maintained a good rapport between the company and her customers according to (Bahr 2018). A good risk assessment plan will provide a blueprint to guide future projects and match with the company strategy towards meeting up the set goals and objectives. This risk assessment plan will also provide an alternative take, for example, a system failure for the health network’s software crashes or the USB storing data for the company get lost like in our case here the assessment will ensure the company doesn’t rely on one means of storage for such sensitive information. An assessment was necessary as it is one of the steps the company should take in their preparation for a successful business.
References
Bahr, N. J. (2018). System safety engineering and risk assessment: a practical approach. CRC press.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of information security risk assessment (ISRA). Computers & security, 57, 14-30.
Shedden, P., Ahmad, A., Smith, W., Tscherning, H., & Scheepers, R. (2016). Asset identification in information security risk assessment: A business practice approach. Communications of the Association for Information Systems, 39(1), 15.
Torabi, S. A., Giahi, R., & Sahebjamnia, N. (2016). An enhanced risk assessment framework for business continuity management systems. Safety science, 89, 201-218.
Song, W., Zhu, J., Wang, H., & Chang, A. (2019). Multistage risk assessment of direct delivery business from local oil refineries in Sinopec Group based on normal cloud model. International Journal of Production Research, 1-27.
Vellani, K. (2019). Strategic security management: a risk assessment guide for decision makers. CRC Press.