Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd Logo
Upload

Welcome to Scribd!

  • 256 views

    Lab #3 - Assessment Worksheet: A. Healthcare Provider Under HIPPA Compliance Law

    Uploaded by

    Duong Chi Hung (K15 HCM)
    The document is a lab assessment worksheet for a student named Dương Chí Hùng assigned to a higher education institution scenario under FERPA compliance law. It contains questions about IT risk management goals, components, definitions, and techniques for planning, identifying, assessing, mitigating, and monitoring risks within the seven domains of IT infrastructure. The student's responses indicate an understanding of compliance requirements and methods for securing systems and data according to the scenario's legal obligations.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Lab #3 - Assessment Worksheet: A. Healthcare Provider Under HIPPA Compliance Law

    Uploaded by

    Duong Chi Hung (K15 HCM)
    256 views5 pages
    The document is a lab assessment worksheet for a student named Dương Chí Hùng assigned to a higher education institution scenario under FERPA compliance law. It contains questions about IT risk management goals, components, definitions, and techniques for planning, identifying, assessing, mitigating, and monitoring risks within the seven domains of IT infrastructure. The student's responses indicate an understanding of compliance requirements and methods for securing systems and data according to the scenario's legal obligations.

    Original Title

    Lab03

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document is a lab assessment worksheet for a student named Dương Chí Hùng assigned to a higher education institution scenario under FERPA compliance law. It contains questions about IT risk management goals, components, definitions, and techniques for planning, identifying, assessing, mitigating, and monitoring risks within the seven domains of IT infrastructure. The student's responses indicate an understanding of compliance requirements and methods for securing systems and data according to the scenario's legal obligations.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    256 views5 pages

    Lab #3 - Assessment Worksheet: A. Healthcare Provider Under HIPPA Compliance Law

    Uploaded by

    Duong Chi Hung (K15 HCM)
    The document is a lab assessment worksheet for a student named Dương Chí Hùng assigned to a higher education institution scenario under FERPA compliance law. It contains questions about IT risk management goals, components, definitions, and techniques for planning, identifying, assessing, mitigating, and monitoring risks within the seven domains of IT infrastructure. The student's responses indicate an understanding of compliance requirements and methods for securing systems and data according to the scenario's legal obligations.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 5
    At a glance
    Powered by AI
    The key takeaways are about IT risk management plans including their goals, components, and definitions.

    To define how risks will be managed, monitored, and controlled throughout the project.

    Risk Planning, Risk Identification, Risk Assessment, Risk Mitigation, Risk Monitoring

    Lab #3 - Assessment Worksheet

    Course Name: IAA202


    Student Name: Dương Chí Hùng - SE151235
    Instructor Name: Nguyễn Tấn Danh
    Lab Due Date: 4/6/2021

    Overview
    1. Circle the scenario and industry vertical your Instructor assigned to
    your group:
    a. Healthcare provider under HIPPA compliance law
    b. Regional bank under GLBA compliance law
    c. Nationwide retailer under PCI DSS standard requirements
    d. Higher-education institution under FERPA compliance law

    2. Make sure your table of contents addresses your scenario and


    vertical industry.
    I’m sure.
    3. Make sure your table of contents includes at a minimum, the five
    major parts of IT risk management:
    Risk planning
    Risk identification
    Risk assessment
    Risk mitigation
    Risk monitoring

    3. Make sure your table of contents is executive management ready


    and addresses all the risk topics and issues needed for executive
    management awareness.
    I’m sure.
    5. Answer Lab #3 – Assessment Worksheet questions and submit as
    part of your Lab #3 deliverables.
    The worksheet is below this page.
    Lab #3 - Assessment Worksheet

    Course Name: IAA202


    Student Name: Dương Chí Hùng - SE151235
    Instructor Name: Nguyễn Tấn Danh
    Lab Due Date: 4/6/2021

    Lab Assessment Questions


    1. What is the goal or objective of an IT risk management plan?
    To define how risks will be managed, monitored, and controlled
    throughout the project.

    2. What are the five fundamental components of an IT risk


    management plan?
    - Risk Planning
    - Risk Identification
    - Risk Assessment
    - Risk Mitigation
    - Risk Monitoring

    3. Define what risk planning is.


    Specialized type of project management. You create a risk
    management plan to mitigate risks. It helps you identify the risks and
    choose the best solutions. It also helps you track the solutions to
    ensure they are implemented on budget and on schedule.

    4. What is the first step in performing risk management?


    Risk Identification

    5. Risk Assessment is the exercise when you are trying to identify an


    organization’s risk health.
    Risk

    6. What is the practice that helps reduce or eliminate risk.


    Risk Mitigation

    7. What is the on-going practice that helps track risk in real-time


    Risk Monitoring
    8. Given that an IT risk management plan can be large in scope, why is
    it a good idea to development a risk management plan team?
    So no tasks are easily missed and the goal of the project can be
    completed.

    9. Within the seven domains of a typical IT infrastructure, which


    domain is the most difficult to plan, identify, assess, remediate, and
    monitor?
    User Domain

    10. From your scenario perspective, with which compliance law


    or standard does your organization have to comply? How did this
    impact the scope and boundary of your IT risk management
    plan?
    Honorring that the law requires a student to recieves grades from
    instructors physically.

    11. How did the risk identification and risk assessment of the
    identified risks, threats, and vulnerabilities contribute to your IT
    risk management plan table of contents?
    It was detailed properly to locate provided information needed.

    12. What risks, threats, and vulnerabilities did you identify and
    assess that require immediate risk mitigation given the criticality
    of the threat or vulnerability?
    Unauthorized access from public Internet; hacker penetrates IT
    Infrastructure; Communication circuit outages; user destroys data; fire
    destroys data; loss of production server; service provider has a major
    network outage.

    13. For risk monitoring, what techniques or tools can you


    implement within each of the seven domains of a typical IT
    infrastructure to help mitigate risk?
    a. User Domain: raise user awareness, implement acceptable use
    policies (AUPs) to ensure users know what they should and shouldn’t
    be doing. Use login banners to remind users of the AUP’s. Send out
    occasional e-mails with security tibits to keep security in their minds
    and use posters in employee areas
    b. Workstation Domain: Install Antivirus software, and update it
    regularly, keep operating systems up to date, evaluat and deploy
    security patches when needed as they become available.
    c. LAN Domain: Routesr have ACL’s (access control lists) which
    controls what traffic is allowed though them. Switches can be
    programmed for specific functionality. They are commonly located in a
    wiring closet or server room which protects it from physical
    security.Modify ACLs as needed. Practice port security as a added
    control. This ensures that only specific computers are able to attach to
    the network device. What that means it that an attacker brings his
    computer he wont be able to connect that computer to the network.
    d. LAN-to-WAN Domain: firewalls that would discriminate and allow
    only certain types of traffic through. Training admins to understand
    the importance of limiting the number of firewall rules.
    e. WAN Domain: use of a demilitarized zone which uses two
    firewalls. One firewall has direct access to the internet and the other
    to the internet network. When patches are available test them to
    ensure it doent have any negative impacts and then deploy to the
    servers.
    f. Remote Access Domain: can use several different controls
    toprotect servers. Automatic callback is one with dial-in remote access
    servers. It hangs up and calls the home number after she logs on from
    being prompted to log on. This is used with people who work from
    home. Another one is remote access policies. They’re used to specify
    the only layer 2 tunneling protocol connections are allowed.
    Additionally Internet Protocol Security (IPSec) could be required to
    ensure the connection encrypted.
    g. Systems/Applications Domain: ensure administrators have
    adequate training and knowledge. Configuration and change
    management practices are helpful configuration management ensures
    the systems are configured using sound security practices. Change
    management ensures that the configuration is not modified without
    adequate review. Administrators of these systems need to test the
    patches they get from the vendors and make sure no negatives and
    then send them out.

    14. For risk mitigation, what processes and procedures are needed to
    help streamline and implement risk mitigation solutions to the
    production IT infrastructure?
    Qualitative Riskk Assessment - Subjecttive; based on opinions of
    experts; quicker & cheaper; word values Low, Medium, High; required
    a definition of scales used in the risk assessment; and Quantitive
    Assessment - Objective, numeric values i.e., dollar amount consuming;
    access to large amount of historical data necessary is not always
    accessible; based on SLE, ARO, and ALE formulas shows clear losses
    and savings with dollar values; data can be used for benefit analysis.

    15. How does risk mitigation impact change control management and
    vulnerability management?
    Change control is a systematic way to approaching change, within an
    organization, it can prevent the possibility of services becoming
    interrupted and if so, provide a plan to bring them back up as soon as
    possible.

    You might also like