Information Security and Governance: Part B Appendix


Added on  2023/01/13

AI Summary
This document is Part B Appendix of the Information Security and Governance. It includes a risk management plan, threats, vulnerabilities, and attacks of a formal plan, and responsibilities for users and vendors.

Running head: PART B APPENDIX
Information Security and Governance: Part B Appendix
Name of the Student
Name of the University
Author’s Note:

Table of Contents
Part B: Appendix
1. Risk Management Plan
2. Threats, Vulnerabilities and Attacks of Formal Plan
3. Risk Management Plan
4. Responsibility for User and Vendor
Part B: Appendix
1. Risk Management Plan
The risk assessment or management of the major risks of PAI patient information is
required for the organization.
i) The major advantages that a Risk Management Plan can bring to a company are as follows:
a) Easy to Spot Projects: It helps in spotting the projects easily and promptly.
b) Provides Better Data Quality: Data quality improves with this type of plan.
c) Effective Decision Making: The entire decision-making process becomes extremely effective and efficient, and thus risk management planning is required.
d) Better Communication: Effective communication is the next significant advantage of a risk management plan.
e) Better Eradication of Issues: Risks and issues are eradicated more effectively, without any kind of complexity.
The main steps to make this type of plan are as follows:
a) Identification of Risks.
b) Analysis of the Identified Risks.
c) Action taken for the Identified Risks.
d) Monitoring the Risks.
e) Removing the Risks.
2. Threats, Vulnerabilities and Attacks of Formal Plan
The major threats, vulnerabilities and attacks of the patient information are as follows:
i) Trojan Horse: This is one of the major threats and attacks against patient information within the Power AI organization. Trojans conceal themselves within software that seems legitimate; when the software is executed, they carry out the task they were designed for, whether stealing information or any other purpose.
ii) Ransomware: This type of malware mainly encrypts files and can even lock the system, making it entirely inaccessible.
iii) Theft of Intellectual Properties: The third risk is the theft of intellectual property, in which intellectual property rights such as patents and copyrights are violated.
iv) Information Extortion: This risk involves organizational information and property being held in exchange for payment.
v) Identity Theft: This risk involves acting as someone else in order to obtain an individual's personal information and thereby access vital information.
vi) Sabotage of Data: The sabotage of information refers to the destruction of information in order to cause a loss of confidence.
3. Risk Management Plan
The risk management plan for patient information within the Power AI organization is as follows:

| Threats, Vulnerabilities and Attacks | Priorities Set | Suggested Controls |
|---|---|---|
| Trojan Horse | High | Installation of the right endpoint protection software. |
| Ransomware | High | Regular updates of software and data backup system. |
| Theft of Intellectual Properties | High | Employment agreements and non-compete agreements. |
| Information Extortion | Low | Creation of file backups and training of employees. |
| Identity Theft | Medium | Securing the Social Security Number or SSN. |
| Sabotage of Data | Medium | Securing security policy and not neglecting physical security. |
Table 1: Risk Management Plan
4. Responsibility for User and Vendor
Both the user and the vendor of the patient information system have several responsibilities. Amongst them, the major responsibilities include ensuring that every contract with the suppliers supports the business requirements efficiently. The ITIL process includes ensuring that every supplier is meeting its contractual commitments. The user must ensure that the data is not hacked under any circumstances and that proper awareness is initiated.