Assignment Task:
It's All About the Process
For this assignment, you will need to review the Case Study presented and go through the process of completing a risk analysis to identify the security threats, determine the potential impacts of these risks and provide recommended strategies to minimize them.
Case Study:
DeVry Regional Medical Center provides emergency care, generalized surgical services, and has multiple outpatient clinics as part of their healthcare facility. DeVry Regional Medical Center has just completed their implementation of a new integrated health information system (HIS) to improve the coordination of their patient care and for streamlined data management. During the final stages of implementation, it was discovered that there are some security concerns that will need to be resolved.
The Information Systems (IS) Implementation Team identified the following deficiencies during their final evaluation of the overall network as the final phases of implementation were live. They discovered that there were inadequate access controls, potential network security vulnerabilities, along with discovering that DeVry Regional Medical Center does not have any type of comprehensive incident response plan in place. As the IS Implementation Team Lead, you have been asked to collaborate with the head of their IT Department to conduct a full risk analysis to identify and mitigate these security threats that have come to their attention.
Action Plan:
As the IS Implementation Team Lead, you are to perform a detailed risk analysis of the overall DeVry Regional Medical Center's information system and network. You have been asked to identify any specific security threats identified during your risk analysis, evaluating the impact of these risks, and to recommend strategies that can be put into place to reduce them.
Steps you will complete the following as part of your risk analysis report:
1. Review the health information system implementation to report out on all potential security threats you identify.
2. You will analyze the potential impact of each identified threat. Take into consideration the impact to patient care, data integrity, and system availability.
3. Create 3-4 specific recommendations that addresses each threat (i.e., weak access controls, issues with network security, lack of an incident response plan in place). Looking for Online Tutoring?
Your deliverable method can be either in the form of a half-page to full page report or PowerPoint slides that outline each of the risk analysis steps you completed with your recommendations for addressing the threats. For PowerPoint slides, the slides should outline your key points/recommendations and utilize the Notes section under your slides to provide complete sentences for your report as if you were presenting to a board for approval to implement.