Project Management Plan: Security Risk Assessment
Added on 2019-10-18
11 Pages2079 Words169 Views
<PROJECT NAME>PROJECT MANAGEMENT PLANVersion <1.0><10/10/2016>[Insert appropriate disclaimer(s)]
<Project Name>TABLE OF CONTENTS1INTRODUCTION.....................................................................................................................21.1Purpose of Project Management Plan........................................................................21.2Assumptions/Constraints............................................................................................22SECURITY AUDIT..................................................................................................................22.1HIPAA Risk Analysis................................................................................................22.2HITECH Risk Analysis..............................................................................................22.3Cyber Security Risk Assessment...............................................................................23SCOPE MANAGEMENT........................................................................................................23.1Work Breakdown Structure........................................................................................23.2Change Control Management....................................................................................44SCHEDULE/TIME MANAGEMENT....................................................................................45QUALITY MANAGEMENT...................................................................................................76HUMAN RESOURCE MANAGEMENT...............................................................................77COMMUNICATIONS MANAGEMENT..............................................................................88RISK MANAGEMENT............................................................................................................89PROCUREMENT MANAGEMENT......................................................................................9APPENDIX A: PROJECT MANAGEMENT PLAN APPROVAL........................................10Page1 of 12[Insert appropriate disclaimer(s)]
<Project Name>1INTRODUCTION1.1PURPOSE OF PROJECT MANAGEMENT PLANThe purpose of the project is to conduct security risk assessment. There are somechallenges in the existing system which requires some overhaul.1.2ASSUMPTIONS/CONSTRAINTSAssumptions related to the project are that there will be required support from themanagement in doing this project. The possible constraint for this project is time which hasto be handled prudently and following the planned activities properly.2SECURITY AUDITThe sub-sections ahead are concerned with the security assessment of the system based onHIPAA, HITECH and Cyber Security areas.2.1HIPAA AND HITECH RISK ANALYSISThe table below shows the risk assessment for HIPAA and HITECH:Security ComponentVulnerabilitiesSecurity Mitigation StrategiesAdministrative SafeguardsNo security officer isdesignatedWorkforce is not trainedAssign designated securityofficerBegin workforce training athirePhysical SafeguardsComputer equipment is easilyaccessible by the publicFacility has insufficient locksand other barriers to patientdata accessLock offices when not in usePut screen shield for secondary viewersTechnical SafeguardsPoor controls allowinappropriate access toinformationNo measures in place to keepelectronic patient data fromimproper changesSecure user id and passwordInstall Anti-hacking and anti-malware software Organizational StandardNo breach notification andassociated policies existRegular review of agreementsconducted and updatedPolicies and ProceduresThe manager performs ad hocsecurity measuresRoutine updates to be madePage2 of 12[Insert appropriate disclaimer(s)]
<Project Name>2.2CYBER SECURITY RISK ASSESSMENTThreatCauseProcess ControlConcern?Demand TypeConsequenceSeverityDataModificationMaliciousexternal attemptYesLow DemandMediumData TheftMaliciousexternal attemptSome cybernodesHigh demandMediumDenial of ServiceMaliciousexternal attemptYesHigh DemandHighMalwareGeneral VirusYesLow DemandVery High3SCOPE MANAGEMENTThe project scope is limited to analysis of the existing system and thenimplementation of new system.3.1WORK BREAKDOWN STRUCTURETask NameBenefits Administration Software Scope Determine project scope Secure project sponsorship Define preliminary resources Secure core resources Scope complete Analysis/Software Requirements Conduct current system assessment Develop new requirements Review software specifications/budget with team Incorporate feedback on software specifications Develop delivery timeline Obtain approvals to proceed (concept, timeline, budget) Secure required resources Analysis complete Design Review preliminary software specifications Develop functional specifications Review functional specifications Incorporate feedback into functional specifications Page3 of 12[Insert appropriate disclaimer(s)]
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Cyber Security Audit Project Management Planlg...
|11
|2085
|147
Introduction. The project manager has considered the relg...
|3
|292
|136
Information Governance and Cyber Security: Risks and Mitigation Strategieslg...
|13
|3198
|416
Project Management for Website Upgradation - Deskliblg...
|7
|1097
|414
Risk Assessment For Cyber Securitylg...
|8
|1369
|16
Information Governance And Cyber Securitylg...
|11
|3243
|86