Security Risk Assessment: Analysis of Hospital Project


Added on  2019/09/24

AI Summary
This assignment presents a comprehensive security risk assessment for a hospital project, focusing on the development of a new system to replace an existing one. The project scope includes prototype development and subsequent testing before implementation. A Gantt chart outlines the project schedule, detailing activities and deliverables. The risk analysis identifies vulnerabilities and proposes security mitigation strategies, covering administrative, physical, and technical safeguards. It addresses issues like lack of a designated security officer, insufficient physical security, and inadequate access controls. The assignment also covers organizational standards, project budget, and required policies and procedures. The project aims to ensure the security of patient data and compliance with HIPAA and HITECH regulations.
Introduction
The project manager has taken on the responsibility and has developed the plan for the security
risk assessment. The risk assessment of the existing system led to the conclusion that it requires
an overhaul and that a new system needs to be developed in place of the old one. The new system
will be developed using various resources brought in from outside.
Project Scope
The new system will be developed at the prototype level and, after proper testing, it will be
implemented in the hospital. The Gantt chart below shows the activities that have been
considered for the implementation.
Project Schedule and Deliverables
Risk Analysis HIPAA and HITECH
| Security Component | Vulnerabilities | Security Mitigation Strategies |
| --- | --- | --- |
| Administrative Safeguards | No security officer is designated; Workforce is not trained | Assign designated security officer; Begin workforce training at hire |
| Physical Safeguards | Computer equipment is easily accessible by the public; Facility has insufficient locks and other barriers to patient data access | Lock offices when not in use; Put screen shield for secondary viewers |
| Technical Safeguards | Poor controls allow inappropriate access to information; No measures in place to keep electronic patient data from improper changes | Secure user id and password; Install anti-hacking and anti-malware software |
| Organizational Standard | No breach notification and associated policies exist | Regular review of agreements conducted and updated |
| Policies and Procedures | The manager performs ad hoc security measures | Routine updates to be made |
Project Budget
The project activities will be followed through to ensure that the entire implementation is
completed within the stated time and resources. Budgets have been defined for the various
activities. The budget was allocated using the top-down approach and was defined by the
management.