Team Assignment Essay

5619 Words Jul 20th, 2015 23 Pages
Group 1 Team Assignment, CSEC 630-9026, Jeff Daniels

Written by: Kevin Alton, Nadia Iqbal, and Alex Polevoy

July 2015

Table of Contents

Introduction

Section I: iTrust Threats & Vulnerabilities and Countermeasures

Section II: Recommended Changes to Security Management Policies

Section III: Adaptation of Requirements to Reduce Security Risk

Conclusion

References

Introduction
“Unlike PCI DSS, HIPAA itself does not descend to the level of security controls and technologies to implement. This requires the organizations affected by HIPAA—also known as “covered entities”—to try to follow the spirit of the regulation as opposed to its letter” (Chuvakin & Schmidt, 2013). The iTrust database contains protected health information, so the organization that operates it is a covered entity and must establish safeguards to protect the confidentiality, integrity, and availability of that electronic data. To achieve HIPAA compliance, an entity must meet the HIPAA security standards in the areas of administrative safeguards, physical safeguards, safeguards for stored data, and technical security mechanisms.
Lack of Access Control
A review of the administrative safeguards governing information access management shows that the iTrust website and database lack the access controls needed to protect patient data. Access controls should limit authorized users to the minimum necessary information required to perform their job functions (HHS, 2007). In addition, every person accessing the system should have a unique account, so that each action can be attributed to an individual for accountability and auditing. Unlike PCI DSS, HIPAA does not publish a guide listing the exact security controls needed to achieve compliance. Instead, HIPAA expects an organization to achieve compliance through a sincere aspiration to protect sensitive patient
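To make the two requirements above concrete (minimum-necessary access and a unique, auditable account per user), the following Python is an added illustration written for this page; it is not iTrust code, and the role names, field names, the list of shared account names and the sample record are all assumptions constructed for the example.

```python
"""Minimum-necessary access with a per-user audit trail (illustrative, not iTrust code).

Each role sees only the record fields it needs, and every access attempt,
allowed or denied, is written to an audit log under the individual user id
so the log can answer "who looked at which patient, and what did they see".
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Hypothetical role-to-field map; the roles and field names are assumed for
# illustration and are not iTrust's actual schema.
ROLE_FIELDS = {
    "physician": {"patient_id", "name", "diagnoses", "medications", "allergies", "notes"},
    "nurse":     {"patient_id", "name", "medications", "allergies"},
    "billing":   {"patient_id", "name", "insurance_id"},
}

# Shared or generic logins cannot be attributed to one person, so they defeat
# accountability. Treating them as invalid is an assumed policy for this example.
SHARED_ACCOUNTS = {"admin", "clinic", "frontdesk", "guest"}


@dataclass(frozen=True)
class AuditEntry:
    timestamp: str
    user_id: str
    role: str
    patient_id: str
    allowed: bool
    fields_returned: tuple
    reason: str


AUDIT_LOG: list = []


def _log(user_id: str, role: str, patient_id: str, allowed: bool, fields, reason: str) -> None:
    """Append one immutable audit entry keyed by the individual user id."""
    AUDIT_LOG.append(AuditEntry(
        timestamp=datetime.now(timezone.utc).isoformat(),
        user_id=user_id,
        role=role,
        patient_id=patient_id,
        allowed=allowed,
        fields_returned=tuple(sorted(fields)),
        reason=reason,
    ))


def access_record(user_id: str, role: str, record: dict) -> Optional[dict]:
    """Return only the fields the caller's role needs, or None when access is denied.

    Every call is logged, including denials, so a reviewer can see attempted
    misuse as well as legitimate reads.
    """
    patient_id = str(record.get("patient_id", "?"))

    # Accountability: the request must come from an individual account.
    if not user_id or user_id.lower() in SHARED_ACCOUNTS:
        _log(user_id or "<empty>", role, patient_id, False, (), "shared or missing account")
        return None

    # Minimum necessary: unknown roles get nothing; known roles get a filtered view.
    allowed_fields = ROLE_FIELDS.get(role)
    if allowed_fields is None:
        _log(user_id, role, patient_id, False, (), "unknown role")
        return None

    view = {k: v for k, v in record.items() if k in allowed_fields}
    _log(user_id, role, patient_id, True, view.keys(), "minimum necessary view")
    return view


def accesses_to_patient(patient_id: str) -> list:
    """Audit query: every attempt, allowed or not, against one patient's record."""
    return [e for e in AUDIT_LOG if e.patient_id == patient_id]


# Constructed sample record; not real patient data.
SAMPLE_RECORD = {
    "patient_id": "P-1001",
    "name": "Jane Doe",
    "diagnoses": ["hypertension"],
    "medications": ["lisinopril"],
    "allergies": ["penicillin"],
    "insurance_id": "INS-42",
    "notes": "follow-up in 6 weeks",
}

if __name__ == "__main__":
    print(access_record("nurse_lee", "nurse", SAMPLE_RECORD))     # no diagnoses, no insurance
    print(access_record("acct_kim", "billing", SAMPLE_RECORD))    # no clinical fields
    print(access_record("admin", "physician", SAMPLE_RECORD))     # None: shared account
    for entry in accesses_to_patient("P-1001"):
        print(entry.user_id, entry.role, entry.allowed, entry.reason)
```

The point of logging denials as well as successes is that the audit trail then supports both HIPAA questions at once: which individual viewed a record, and whether anyone tried to reach data outside their role.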