Risk Management Plan: Cybersecurity for MyHealth Company, CMP73001

Verified

Added on 2023/01/17

AI Summary

This report details a cybersecurity risk management plan for MyHealth Company, addressing vulnerabilities in their wireless network security. The plan begins with hazard identification, pinpointing the potential for unauthorized access and data breaches. A comprehensive risk assessment follows, evaluating the likelihood and impact of such threats, including financial loss and data compromise. The report then outlines various control measures, categorizing them as detective, corrective, and preventive, to mitigate identified risks. These include implementing firewalls, antivirus software, and access restrictions. The plan also specifies implementation activities, resource requirements, and a schedule for review and updates, ensuring the ongoing effectiveness of the security measures. The report is based on the student's assumption and the Workplace Health and Safety Queensland – How to manage work health and safety risks code of practice. 2011.

Risk management plan – single risk
Company name: MyHealth Completed by: Student name
Work area: Cyber security management Date completed: date
Hazard identification
Hazard: wireless network security
Risk assessment
What harm could the
hazard cause?
Because of less security in wireless network, anyone can access all the assets of the
company and damage their data and information. Hackers can access the payment
details and patients information for personal uses. They can sale patient’s data and
information to anyone for their personal benefits. Wireless access points are situated in
an open area. Therefore, anyone can configure them and access the information.
What is the likelihood
of this happening
This threat is highly occurred in the company. It will happen because of less
information and knowledge of information assets.
Existing control
measure
 Provide separate username and password to every staff member to access
wireless network.
 All staff members are responsible for security of wireless network
 Physical security is necessary for wireless access points
 Wireless access points should have locks.
Consequence SLE= 1,000,000 X 50% = $500,000
Likelihood ALE= SLE X ARO = 500,000 X 0.5 = 250,000
Outcome Company will lose their data and information because of less security and unauthorized
access
Control measures
Detective controls Detect virus using antivirus in the system and remove them as soon as possible
Detect unauthorized access in the network using firewalls and block all that websites
Corrective controls Configure routers and switches to secure all the network and monitoring
Preventive Prevent whole network from unauthorized access of attackers using firewalls and IDS
Administrative Restrict all the sensitive areas, such as server room
Implementation
Associated activities Resources
required
Person(s)
responsible Sign off and date
Installing a firewall Firewall hardware
Chief information
security officer
(CISO)’s name
CISO signature and
date
Update all the antiviruses from new
definition Licence antivirus Respective person CISO signature and
date
Update all the operating systems from
windows 10 with latest patches Windows licence
Chief information
security officer
(CISO)’s name
CISO signature and
date
Configure routers and switches Router and
switches
Chief information
security officer
(CISO)’s name
CISO signature and
date
REVIEW
Scheduled review date: / /
Are the control measures in place?
Yes/no based on the student assumption

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Are the controls eliminating/minimising the risk?
Yes/no based on the student assumption
Are there any new problems with the risk?
Explain if the existing risk exceeds t the acceptable level of risk in the company
Adapted from: Workplace Health and Safety Queensland – How to manage work health and safety risks code of practice. 2011