logo

Risk management plan – single risk Company name: MyHealth.

   

Added on  2023-01-17

1 Pages339 Words66 Views
Risk management plan – single risk
Company name: MyHealth Completed by: Student name
Work area: Cybersecurity management Date completed: date
Hazard identification
Hazard: Unauthorized access of database server
Risk assessment
What harm could the
hazard cause?
Company can loss their reputation in the market and it is also risky for
treatment of patients. Database is having payment details.
What is the likelihood
of this happening
Because of open access to the server room of all the staff, it can cause to the
hacking of server. It increases likelihood of this threat.
Existing control
measure
1. Restrict entry for all the staff
2. IT people can entry in the room with permission
3. Server and other devices will be in physical security
Consequence $500,000
Likelihood 0.5
Outcome Annualized Loss Expectancy (ALE) = 250,000
Control measures
Detective controls Restrict entry of all the staff
Secure and strong password with the help of password creator tools
Corrective controls Update antivirus of all the systems
Preventive Install network firewall to secure network
Administrative
Provide different access level based on the requirements to all staff
members
Implementation
Associated activities Resources
required
Person(s)
responsible Sign off and date
Installing a firewall Firewall hardware
Chief information
security officer
(CISO)’s name
CISO signature and
date
Updating antivirus Antivirus
definition Allocated person CISO signature and
date
Update operating systems Windows 10
Chief information
security officer
(CISO)’s name
CISO signature and
date
REVIEW
Scheduled review date: / /
Are the control measures in place?
Yes/no based on the student assumption
Are the controls eliminating/minimising the risk?
Yes/no based on the student assumption
Are there any new problems with the risk?
Explain if the existing risk exceeds t the acceptable level of risk in the company
Adapted from: Workplace Health and Safety Queensland – How to manage work health and safety risks code of practice. 2011

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Risk management plan – single risk Company name: MyHealth.
|2
|468
|50

Risk management plan – single risk Company name: MyHealth.
|2
|432
|40

Malware Attack Report: Zenith Stock Exchange
|15
|1137
|222

Computer and Network Security Content
|21
|1055
|20

Role and Importance of Risk Register for University's Digital Security
|13
|3003
|227

Safe Computing | Presentation
|12
|468
|41