CYB:407-WK3-RISKREGISTRY-SAP-PHI:EPHI
.docx
keyboard_arrow_up
School
University of Phoenix *
*We aren’t endorsed by this school
Course
407
Subject
Philosophy
Date
Apr 3, 2024
Type
docx
Pages
8
Uploaded by lejb1288
CYB/407- WEEK3-RISKREGISTRY-SAP-PHI/EPHI Risk Likelihood Impact Risk Owner Resources Estimated Description Required Completion for Risk Date Registry <Briefly <Low, <Low, <List department | <List hardware, <Provide a describe the | Medium, or Medium, or or role> software, date based risk> High> High> personnel, on the risk and/or policy complexity needed> and today’s date> An employee | Low High Access 1. Aserver March 2023 mistakenly Control providing sent an email Security verification of a patient’s Officer of PHI PHI General information information Management which to the wrong Employees includes individual. patient email address to ensure this mistake does not occur again. 2. Provide employee training program to ensure that this incident does not repeat. Brute force Medium High Analyst 1. Policy February or password Access implemented | 2023 cracking Control that requires occurring Security all
Risk Likelihood Impact Risk Owner Resources Estimated Description Required Completion for Risk Date Registry due to weak Officer passwords passwords 3. Employees to meeta allowing for certain client length and information special to be character accessed. criteria to make sure brute force or password cracking does not happen again. PHI High High 1. Information Continuous | April 2023 information Systems IDS/IPS was exposed Owner monitoring by hackers 2. IT Security showing us a Team vulnerability 3. Information in our security software Officer and/or network. Finding data | Medium High 1. Engineering Employee April 2023 breaches Department Training through Program internal and AnewDLP external risk System assessments Adding additional analytics for your network The loss of High Very High 1. Accounting A new back- | February original Department up systemto | 2023 server data 2. Record/Filing keep original by losing Department documents access to safe in the PHI. eventofa breach or down server.
Descripti Security Securit System Last Asset Assessm Policy on of Control Categoriza | Assessm ent Alignme Vulnerab | Number and | Control tion for ent Method nt ility Name Type Risk Level | Informati Impact on <Describ | <List the <Comm | <High, <Identify <Describ | <Identify | <Indicate e the Security on, moderate, any e the at least what vulnerabil | Control name | System | or low> security asset that | one way security ity> and number> | - assessme | will be you can policy Specific nts from tested> test this aligns 5 the past> asset> with the Hybrid> asset> Employee | NIST: SP Commo | Low During a All Adding Conducti s 800-37 n security employee | tracesto | ng accidenta | Awareness risk s and alle mails | regular lly email and assessme | their being training patient Monitoring nt, itwas | system. sentto all | with PHI noted patient employee informatio | sanction there was recipients | s n to the Policy: a lack of and concernin wrong 164.308(a)(1) emp!oyee havipg g recipient. | (ii)(C) training emails password concernin removed | manage g or ment and authentica marked protectio tion undeliver | n. credential able if s with sent to access to the wrong PHI data. patient. Brute NIST: SP Internal | Moderate Arecent All An Penetrati force or 800-53 and assessme | employee | internal on testing password | Identification commo nt s and penetratio | policy. cracking and n identified | their n test and occurring | Authentication that the respected | brute- due to Access current systems. | force weak Control password attack
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help