
IT Risk Management

   

Added on  2022-12-14

Running head: IT RISK MANAGEMENT
IT Risk Management
Name of the Student
Name of the University

Table of Contents
Plan, Develop and Manage a Security Policy
    Security Policy Plan
    Develop a Security Policy
    Manage a Security Policy
    Conclusion
Risk Assessment
    Introduction of the organisation and the IT systems
    Risk identification
    Risk Assessment
    Risk Evaluation
    Risk Mitigation
    Rationale for conducting Risk Assessment
    Conclusion

Plan, Develop and Manage a Security Policy
Planning system access security policy
There are different access control models available within the IT industry. Among these
models, the most suitable one must be selected and applied while planning,
developing and managing the IT access security policies. The security policy must reflect the
executive-level risks that may interrupt the project's success. The Commonwealth government
of Australia has planned to launch the “My Health Record” system to keep patients’ records
updated, secured and easily accessible. This information is confidential; therefore, it
must be secured against access by unauthorized people.
The three users considered for this system are doctors, patients and nurses. The
access security policy planned, developed and managed for them is elaborated in the
section below.
At the initial stage, potential risks need to be identified
All legal components and requirements must be fulfilled
The security level must be developed based on potential risks
While developing the policy, all staff are to be involved as far as possible
Security components should be developed based on the market status
For the Commonwealth government of Australia’s “My Health Record” online data
keeping system, the resources are the project manager, Chief Information Officer (CIO), finance
manager, clinical operators, HR manager, resource manager etc. The physical resources that
are considered for the project include hardware, equipment, network, software applications
etc. This equipment and these applications need to be maintained periodically.

The “My Health Record” electronic health record keeping system stores individual
patients’ health-related information in an online database, where data insertion, deletion
and update are possible. Only authorized users are allowed to access this information
from the server when required. Patients’ personal and financial data are both stored in the
database; therefore, security is one of the major aspects of this project. The data server where
resource details are stored should be secured with an encryption mechanism. Only authorized people
who have the decryption key will be able to decrypt data. Apart from this, an application
firewall must be included in the security policy developed for the Commonwealth
government of Australia.
After analysing the operational and functional scenario of the Commonwealth government
of Australia’s “My Health Record” project, it is determined that a protective security
requirement framework must be incorporated to secure the information stored in the server.
The framework needs to be a 4-tier framework, comprising tier 1: strategic directive
security, core policy based on mandatory requirements, protocols and best practice level
guidance. The additional factors that are essential for the system are accountability,
efficiency, leadership, openness and transparency.
Development of system access security policy
Defining the objective and justification of the policy
Definitions that are used throughout the documentation period
Responsibility and task distribution among the project individuals
Policy scope statement development, i.e. who and what it affects
The business security policy is a document that reflects the way
in which an organization’s data can be kept secured and protected from external
attackers. The security policy will help to secure both physical and technical company
