Information Security Risk Management Plan for Power AI Organization

Verified

Added on 2023/01/13

AI Summary

This report presents a risk management plan focused on safeguarding patient information within the Power AI organization. It identifies key advantages of a risk management plan, including improved project identification, enhanced data quality, effective decision-making, better communication, and efficient issue eradication. The report outlines the steps involved in creating such a plan, emphasizing risk identification, analysis, action, and monitoring. Furthermore, it details various threats, vulnerabilities, and attacks that can compromise patient data, such as Trojan horses, ransomware, theft of intellectual property, information extortion, identity theft, and data sabotage. A risk management plan is then presented, with suggested controls to mitigate identified risks. Finally, the report highlights the responsibilities of both users and vendors in ensuring the security and integrity of patient information systems, emphasizing contractual commitments and data protection measures.

Running head: PART B APPENDIX
Information Security and Governance: Part B Appendix
Name of the Student
Name of the University
Author’s Note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
PART B APPENDIX
Table of Contents
Part B: Appendix........................................................................................................................2
1. Risk Management Plan......................................................................................................2
2. Threats, Vulnerabilities and Attacks of Formal Plan.........................................................3
3. Risk Management Plan......................................................................................................3
4. Responsibility for User and Vendor...................................................................................4

2
PART B APPENDIX
Part B: Appendix
1. Risk Management Plan
The risk assessment or management of the major risks of PAI patient information is
required for the organization.
i) The major advantages that a Risk Management Plan can bring to a company are as
follows:
a) Easy to Spot Projects: It helps in spotting the projects easily and promptly.
b) Provides Better Data Quality: The data quality becomes better with this type of
plan.
c) Effective Decision Making: The entire process of decision making is extremely
effective and efficient and thus risk management planning is required.
d) Better Communication: An effective communication is the next important and
significant advantage of risk management plan.
e) Better Eradication of Issues: The risks and issues are eradicated in a better manner
without any kind of complexity.
The main steps to make this type of plan are as follows:
a) Identification of Risks.
b) Analysis of the Identified Risks.
c) Action taken for the Identified Risks.
d) Monitoring the Risks.
e) Removing the Risks.

3
PART B APPENDIX
2. Threats, Vulnerabilities and Attacks of Formal Plan
The major threats, vulnerabilities and attacks of the patient information are as follows:
i) Trojan Horse: This is one of the major and significant threat and attack to the
patient information within Power AI organization. The main purpose of this type of threat is
to conceal themselves within software, which seem legal and when the software is getting
executed, they would be doing the task for either stealing of information and any other
purpose for which these are being designed.
ii) Ransomware: This type of malware mainly encrypts the files and even locks the
system for making is accessible entirely.
iii) Theft of Intellectual Properties: The third risk is the theft of intellectual property
and hence the intellectual property rights such as patents and copyrights are violated.
iv) Information Extortion: This particular risk ensures that the organizational
information and property is being received for exchange of payment.
v) Identity Theft: This kind of risk ensures to act someone else for obtaining the
personal information of an individual for accessing the vital information, which are required
to be accessed.
vi) Sabotage of Data: The sabotage of information refers to destroying of information
for causing loss of confidence.
3. Risk Management Plan
The risk management plan for the patient information within organization of Power
AI is as follows:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
PART B APPENDIX
Threats, Vulnerabilities
and Attacks
Priorities Set Suggested Controls
Trojan Horse High Installation of right endpoint
protection software.
Ransomware High Regular updates of software
and data backup system.
Theft of Intellectual
Properties
High Employment agreements
and non compete
agreements.
Information Extortion Low Creation of file backups and
training of employees.
Identity Theft Medium Securing the Social Security
Number or SSN.
Sabotage of Data Medium Securing security policy and
lack of neglecting physical
security.
Table 1: Risk Management Plan
4. Responsibility for User and Vendor
There are several responsibilities of both the user and vendor of the patient
information system. Amongst them, the major responsibilities include ensuring that every
contract with the suppliers eventually support the business requirements efficiently. The
process of ITIL includes ensuring that every supplier is meeting the contractual commitment.
The user will have to ensure that the data is not getting hacked under any circumstance and
proper awareness is initiated.