Abstract

The organization does not have an adequate information security strategy, and critical elements of a secure network are missing. The business is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and follows other external compliance requirements as well. The report identifies the existing situation of the business and pinpoints risks and mitigation techniques with respect to a computer network and information security.
Introduction

The HIPAA security rules allow for flexibility according to the size and structure of a specific business and its methods of handling data. In a business model, risk assessment is supposed to be done periodically. During the evaluation, both public and private data are evaluated. For our organization, I would recommend the extension of the HIPAA security outline when coming up with an information security policy. The following table provides us with areas that need improvement (Vanderpool, 2019).

| Policy | Description | What's affected | Who's affected | Why | When |
|---|---|---|---|---|---|
| Prevention of physical theft (Drolet, Marwaha, Hyatt, Blazar, & Lifchez, 2017) | Physical safeguards are put in place to protect both hard drives and other storage devices. | BYOD devices such as cell phones, personal PCs, workstations, and other external disk drives | All system users are affected (Drolet et al., 2017). | The reason is to ensure that all the data is secured and protected from physical theft. | System users are affected all the time. |
| Backup and physical access | Only authorized persons are allowed to access the network servers. | The NAS, routers, servers, and switches (Chen & Benusa, 2017) | Authorized persons such as admins and all those with clearance to handle storage and data areas | Switches, routers, and data drives are only made accessible to authorized organization personnel. | Access to both network servers and other network devices should be made available only to authorized persons. |
| Employee training on IS policy | The exercise is aimed at ensuring that all employees get training on the existing IS strategies. | The existing policies and procedures (Mbonihankuye, Nkunzimana, & Ndagijimana, 2019) | Both the employees and the management | Policies and procedures that govern IS should be known to all employees. | During scheduled training periods and when the year ends |
| One-time passwords (OTP) | Users should be prompted for new passwords after 1 to 2 months. | The whole computer network system | All system users are affected (Mbonihankuye et al., 2019). | The reason is to contain both dictionary and brute force attacks. | The password would last between 1 and 2 months from the time it was created. |
Conclusion

To sum up, our organization lacks the security procedures that our information security network needs. An extension of HIPAA regulations and rules is used as the foundation for coming up with a security strategy. Several more methodologies or actions are listed in the table above, aimed at providing a more secure system where the data of patients, employees, suppliers, and our closest associates is guaranteed safety. After the report is presented to the board of management, more policies and procedures can be enacted.
References

Chen, J. Q., & Benusa, A. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), 135–146. https://doi.org/10.1080/20479700.2016.1270875

Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance. The Journal of Hand Surgery, 42(6), 411–416. https://doi.org/10.1016/j.jhsa.2017.03.023

Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare Data Security Technology: HIPAA Compliance [Research Article]. https://doi.org/10.1155/2019/1927495

Vanderpool, D. (2019). HIPAA COMPLIANCE: A Common Sense Approach. Innovations in Clinical Neuroscience, 16(1–2), 38–41.