Risk Assessment Plan - Subba Reddy A+ Grade Guaranteed

SOL 533 - Information Security and Risk Management RISK ASSESSMENT PLAN University of the Cumberlands Table of Contents PAGE 1. Executive Summary 3 2. Outline of a Risk Assessment Plan 3 2.1 Objectives 3 3. Risk Assessment Approaches 4 4. Scope and Boundaries 5 4.1 Scope of the Products 5 5. Roles and Responsibilities 6 6. Proposed Schedule for Risk Assessment 7 7. Risk Assessment Results 7 8. Control Measures 7 9. References 8 1.EXECUTIVE SUMMARY Risk Assessment is an important phase in identifying and evaluating the risks in the Health Network Inc. It is also referred to risk analysis. In this plan risks are identified and based on their significance or the impact, the risks are prioritized in order to fix it. In this Risk Assessment, they help in identifying the most important risks in the organization and in the risk management program risk assessments is the major part. 2 This study source was downloaded by from CourseH on :36:52 GMT -06:00 ISOL 533 - Information Security and Risk Management RISK ASSESSMENT PLAN University of the Cumberlands These risk assessments are used for the identifying and prioritizing based on the importance of the risks in Health Network Inc. It also helps in implementing the safeguards for the identified risks in this Health care project. And these safeguards are nothing but the controls. These controls will be implemented to control the risk or reduce the risk. Health care project is having huge amount of data related to the customer information, medical records, employee records, doctor information etc. The data should be more secure. In order to be on the safe side, risk assessments should be implemented to identify, evaluate the risks in the Health Network Inc. As this Health Network Inc products are used by so many people all over the world, the probability of getting risks and threats will be coming from the external people. It will not be easy to determine which system needs the protection (HNet Exchange, HNet Pay, HNet Connect). Risk Assessment swill helps in identifying the system which needs more protection in the Health Network products. It also gives an overview of the controls which provide values. It is based on evaluating risks, controls and monitoring them periodically. 2. OUTLINE OF A RISK ASSESSMENT PLAN 2.1 Objectives To identify the threats and vulnerabilities: It is mainly identifying the threats for the Health Network project. It may include the following threats like attacks via internet, failures of software or hardware and internet connectivity issues etc. It may include the following like no proper protection from firewalls, lack of software updates, lack of antivirus to the system, no proper updates to the server etc. To Identify Likelihood of the risks: In the Health Network Inc, the risks found during accessing the company’s products the historical data need to be saved. For example, if the risk occurs 3 times in the past year the historical data helps to reduce the impact of the risk. Assign Responsibilities: Specific departments will be associated with different responsibilities. They should track and implement the plan