Scenario:
You work for a large, private health care organization that has server, mainframe, and RSA user access. For the third week in a row, Sean comes into your office at 5:00 p.m. on Friday and needs you to write a report describing some of the risks associated with not having all the security items in place. He needs you to research a generic risk management policy template and use that as a starting point to move forward. He also asked you to search for risk outcome examples from organizations similar to theirs.
You realize that your organization does not have much in the way of an information security strategy, and is missing many of what you think are critical components. Your organization is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and follows other external compliance requirements.
Assignment Requirements:
Research templates, and look for risk outcome examples from organizations of a similar type as your organization. Write a report identifying the risks associated with the current position your organization is in, and how your organization can mitigate risk by using information security systems policies. Include an introduction explaining the following: Who? What? When? Why? Be sure to add a conclusion with a rationale detailing how risks can be mitigated. Reference your research so that Sean may add or refine this report before submission to senior management.