Assignment task: As the CISO for a health care organization, you are tasked with:
- Choosing a risk management framework and associated systemic process that measures and evaluates risks that may impact the organization's assets and data
- Developing a security management plan that is aligned to the health care organization's goals and objectives
The goals are:
- Patient Satisfaction: Patient satisfaction is the foundational strategy by which the health care organization will attain its mission. It encompasses patient outcomes, compliance scores, and patient and visitor experiences within the health care organization.
- Increase Revenue: Providing excellent care requires money. The health care organization seeks to maximize revenue wherever ethically possible through a strategy that captures, retains, and grows revenue.
- Maximize Operational Efficiencies: Maximizing operational efficiencies helps the health care organization get the most value out of each dollar of revenue. Efficient operations also directly affect the patient experience and overall patient and visitor satisfaction.
- Gain positive returns on capital investments.
- Ensure that new initiatives show a tangible return on investment (ROI).
The objectives are:
- Leverage assets and resources for centralizing and automating processes.
- Reduce the total cost of ownership (TCO) with respect to the IT infrastructure and IT systems.
- Improve the security of IT systems in order to protect the confidentiality, integrity, and availability of its data, assets, and systems.
- Improve compliance with regulatory requirements, such as HIPAA, Food and Drug Administration (FDA), and Payment Card Industry Data Security Standard.
Part A: Develop a 5- to 7-slide Microsoft® PowerPoint® presentation for the health care organization's senior leadership that recommends a risk management framework.
Address the following:
- Define the chosen risk management framework for the organization to implement as part of its risk management program.
- Illustrate the associated risk management processes.
- Justify your choice for the risk management framework.
Note: The chosen risk management framework will be included in the security management plan in Part B.
Part B: Develop a 3- to 4-page security management plan that documents the health care organization's information security governance and the risk management components of the enterprise information security program.
Include the following:
- Description of the health care organization's security management program
- Alignment of security objectives to the health care organization's goals and objectives
- Information security governance major activities
- Legal and regulatory compliance requirements
- Corporate compliance and security roles and responsibilities (CEO, CFO, CIO, CISO)
- Risk management framework and major processes
- List of required information security policies
Note: All references need to adhere to APA citation guidelines.