Assessment.pdf
School: Capella University
Course: FP2280
Subject: Information Systems
Date: Jan 9, 2024
Pages: 5
Uploaded by rozellsydney
Assessment 4: Risk Management
Sydney Berglund
IT-FPX2280- Network Tech and Architecture
Capella University
Professor Conrad
December 2023
Security Goals
In a healthcare system there are many aspects of data and equipment that need to be secured. For patient data, you must also make sure that you are meeting the HIPAA compliance requirements. You also have to contend with the fact that since the COVID-19 pandemic the remote workforce has become wildly popular. With that in mind, there are security goals that you need to set.
1. Create and enforce security solutions that meet the regulations for healthcare cybersecurity.
   a. HIPAA Security Rule - controls how PHI and ePHI must be secured.
   b. NIST - mandates cybersecurity for all federal agencies and contractors.
   c. Payment Card Industry Data Security Standard - applies whenever we store, process, or transmit cardholder data.
   d. Cybersecurity and Infrastructure Security Agency (CISA) - publishes known cybersecurity threats.
2. Conduct regular security assessments. We need to make sure that our platforms are not vulnerable, using regular system checks.
3. Educate and train employees. We need all of our employees to understand how important cybersecurity is.
4. Neutralize threats with access controls. We will need to implement least-privilege principles for all areas that are deemed for authorized users only.
5. Have an incident response plan. This will include containment, investigation, notification, and recovery for all incidents that do occur.
Bring Your Own Device
As more and more people start working from home, some companies are allowing them to bring their own devices. This includes phones, computers, flash drives, and others. We will need to have strict policies when it comes to employee devices.
1. Minimum password requirements. Each device will have a password that meets our standard requirements.
2. Multifactor authentication. Alongside the password requirements we will also require MFA, which requires two types of identity verification before access to the system is granted.
3. Mobile device management. We will need a policy for installing this type of software, which can enforce log-on and data encryption policies.
Acceptable Use Policy (AUP)
We will need to implement an Acceptable Use Policy for all employees. This will need to be signed by all employees upon hire and then again annually. We will need to include:
1. Overall restrictions
2. Software installation rules
3. Internet usage guidelines
4. Consequences
Non-Disclosure Agreement (NDA)
NDAs for any medical office can protect against unethical and unprofessional disclosure of patients' personal and medical information, which also falls under HIPAA. These will need to be signed at the start of employment. NDAs will need to include: