IT313 Risk Analysis and Mitigation Plans

School: Southern New Hampshire University
Course: 313
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 7
Uploaded by msheba08

Running Head: RISK ANALYSIS AND MITIGATION PLANS

IT 313 Project Two
Bathsheba Myers
Southern New Hampshire University
Risk Analysis and Mitigation Plans
October 15, 2023

Introduction

Any business, especially Health Network, Inc., that aims to detect, evaluate, and reduce potential dangers to its processes, information safety, and general viability must mitigate risk. A risk is any occurrence or situation that might have a consequence on a company's goals, either positively or negatively. Health Network, a well-known healthcare company with nearly 700 staff members and $500 million in yearly earnings, is headquartered in the Florida city of Tampa and maintains locations in Seattle, Washington, and Arlington, Virginia. The company's primary services, such as HNetPay, HNetExchange, and HNetConnect, are essential to delivering medical care. A threat in the setting of the Healthcare Network can appear as a circumstance or element that could impair its medical services, jeopardize the integrity of its information, or harm its image in the marketplace. Proactively identifying these possible dangers and creating countermeasures is essential for efficient risk reduction. This approach to risk control will outline the underlying concepts and significance of risk administration for the company and address particular problems internally and externally.

Importance and purpose

For many essential stakeholders inside the company, the risk management strategy for Healthcare Network fulfills a vital function and is of utmost significance. This risk mitigation aims to recognize, track, evaluate, minimize, and avoid hazards to consumers. It entails an intricate web of medical and managerial processes, structures, operations, and analysis frameworks (McGowan et al., 2023). Its purpose is to offer a systematic structure for locating flaws and putting protective measures in place. Several important constituents across Health set a high priority on the risk mitigation plan.
The highest-ranking executives and the company's leadership must guarantee the confidentiality of data, the reliability of personally identifiable information, and private medical information. Directors can safeguard the confidence of their workforce by reducing the risks connected with information theft and failure to comply (Pascarella et al., 2021). The strategy strongly emphasizes promoting the physical security of Health Network's employees, resolving issues with working conditions, and creating a safe workplace. Furthermore, it promotes an atmosphere of preparedness and readiness, allowing staff members to spot and notify potential hazards quickly. The plan also facilitates the strategy for ensuring business resilience amid possible disruptions brought on by different hazards. The corporation's revenue sources and supply of services, essential to its successful outcome, are preserved through this continued operation. This comprehensive plan essentially serves as a cornerstone for Health Network, Inc., allowing it to safeguard the objectives of all of its constituents and carry out its primary goal of providing critical medical treatments efficiently and reliably.

Closely related to its importance is the scope of the plan. This risk mitigation scheme's broadness is intended to cover all aspects of Health Network, Inc.'s activities, particularly protecting vital resources, information, and capabilities. To make this plan's scope and restrictions clear, it is crucial to define its limits. It deals with data safety and covers data kept in the organization's computer networks and research centers, particularly protecting monetary records and personal health information (PHI). It also includes physical safety, which includes safeguards for workplaces, comprising buildings and offices, to guarantee the safety of staff members and guests and preserve corporate property. Additionally, it comprises company disaster recovery strategies intended to keep crucial corporate processes running through disturbances, avoiding lengthy and service outages. The plan also considers complying with regulations, which includes evaluating and adapting to ever-shifting healthcare legislation. This ensures that the company keeps up with increasing regulatory and financial needs. The plan also covers the detection and reduction of hazards from both inside and outside the organization.

Risks

Every company's mission inevitably and unavoidably involves risk and Health Network, Inc. is no different. Recognizing, evaluating, and minimizing potential internal and external threats that can impair activities and jeopardize the company's fundamental principles is crucial in risk mitigation. In its most basic form, a risk is the unpredictability that surrounds any situation or event and has a chance to have an influence, either positively or negatively.

Internal Threats

Health Network, Inc. is very concerned about internal dangers. These risks emanate from inside the company and cover a range of issues that, if not addressed, could jeopardize information safety and continuous operations. The first internal danger concerns the Inappropriate Equipment Decommission. It entails inappropriate disposal of gear, especially inside servers, which might lead to corruption of data and the release of classified data. The devices can land in the hands of individuals with malicious intentions, which means that information and data inside such assets are at risk of manipulation. Theft of company-owned property, including mobile devices and computers, is the second type of vulnerability.
Protected personally identifiable information and other confidential information are at risk from potential damage or exploitation of these resources. With the rise of cybercrimes, data that is not stored in the correct format and places is at a high risk of landing in unsafe hands, in which further manipulation to steal insights can be performed against the organization's consent. Insider threat is a common risk in healthcare settings; this originates from risks and threats caused by healthcare organization employees and workers. Human errors that result during data entry can expose sensitive information to outsiders. The lack of education and training on the current security threats and occurrences results in the regular installation of malware and ransomware through phishing or unscanned media devices, which might corrupt the organization's data in the data centers and servers.

External Threats

The risks and threats that originate from outside the organization are referred to as external threats, and just like internal threats, external threats have the same capabilities of hindering the operational continuity and success of the organization’s objectives. The main external threat is cybersecurity and internet threat. With the increased technological innovation and application in different areas, there is an increased rate of cyber-attacks, which mainly target the organization’s data and data centers, and their impacts span from data breaches to the