Benchmark - Developing Enterprise Framework for a Security Program

School: Grand Canyon University
Course: 430
Subject: Information Systems
Date: Jan 9, 2024
Pages: 6
Michael Harris
ITT-430-0500
November 23, 2023
Professor Chuck Brust

Pike's Peak Health Care

Introduction

During this course, I have chosen to use Pike's Peak Health Care. Pike's Peak Health Care provides primary, immediate, specialty, emergency, and hospital care. Taking care of the community is the organization's goal. Many volunteers provide excellent care focused on improving the health of the community. Pike's even goes as far as providing in-home care for patients. It is extremely important that the organization is in compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as with the Payment Card Industry Data Security Standard (PCI DSS). The main objective of this assignment is to evaluate and clarify the security framework for the organization. When choosing a security framework for an organization, there are a couple of things to consider, including the needs of the organization, the type of organization, and what it provides. This will be demonstrated in the following regulation mappings.

HIPAA | PCI DSS | NIST 800-53 | Notes
164.308(a)(1)(ii)(A) Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate. | 11.2.1 provides guidance to demonstrate that quarterly internal vulnerability scans are performed by qualified personnel and that "high-risk" vulnerabilities are rescanned, in compliance with Requirement 11.2.1. | | These laws are put in place to check for vulnerabilities in organizations.
164.308(a)(1)(ii)(D) Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports. | 11.2.2 provides guidance to demonstrate that quarterly external vulnerability scans and rescans are performed. | | The best practice is to have procedures implemented in the workplace.
164.308(a)(4)(i) Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part. | 10.5.5 provides guidance on how to access File Integrity Monitoring (FIM) features that help you demonstrate compliance with Requirement 10.5.5. | | Organizations have policies for employees' physical access to information.
164.308(a)(7)(ii)(E) Assess the relative criticality of specific applications and data in support of other contingency plan components. | 10.6.1 covers log review incidents and log management incidents. | | Every organization should have a log of every incident that has happened.
164.308(a)(7)(ii)(D) Implement procedures for periodic testing and revision of contingency plans. | 10.7 provides guidance for performing log searches. | | Organizations should regularly log everything that goes on.
164.310(a)(1) Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed. | 10.8 provides guidance to demonstrate that you have implemented a process for the timely detection and reporting of failures of critical security control systems. | |
164.310(a)(2)(ii) Implement policies and procedures to safeguard the facility. | 11.4 shows Network IDS incidents and customer escalation | |