Answer 1: A risk management plan is used to recognize and quantify risks, which is done by identifying vulnerabilities and threats and then applying an assessment methodology to prioritize the associated risks. The purpose of this risk management plan is to define the risks associated with Health Network Inc. and to find results within the budget. It also covers how risk management activities will be performed, recorded and monitored, and provides practices and templates for prioritizing and recording risks to Health Network in line with best practices.
Answer 2: The outline covers recommendations, cost-benefit analysis, compliance, vulnerabilities and threats.
Answer 3: This will ensure that Health Network Inc. continues to distribute logistical data and to build management that is secure for government and military personnel, using the latest and most advanced technology on the market. It consists of three major products: HNetConnect, HNetPay and HNetExchange.
Answer 4: Risk assessment can proceed differently at different companies; the risk assessment for this project will contain various tasks that help ensure project success. It also identifies best practices for risk assessment methods, which the team will carry out. The approach is to start with a defined scope and clear objectives, ensure the support of higher management, build a strong risk assessment team, repeat the risk assessment regularly, define the approaches to use, and finally deliver a report with clear risks and recommendations.
Answer 5: Management will be responsible for all decisions taken as part of the project, and for managing the project's time, cost and quality.
IT Administrator: Responsible for advising management and ensuring that all steps proceed in the right direction, with the list of costs, recommended solutions, vulnerabilities and threats.
Answer 6: Week 1: We will gather all the information by interviewing the heads of the different departments and customers to recognize vulnerabilities, threats and risks within Health Network Inc.
Week 2: We will analyze the outcome generated, check the accuracy of the results and then prioritize them by business risk level. Finally, we will assign those risks to the specific IT department.
Week 3: We will organize meetings so that the team can develop best practices by analyzing cost benefit, and identify a team member for each risk associated with the project.
Week 4: We will record and document the risk management plan with all the details associated with it.
Answer 7: The risk management plan will contain the procedure that the project team should follow. Here, we will eliminate, rank, score and recognize the different risks. We will make sure that the manager assigned to a particular risk takes significant steps to implement the mitigation plan. Based on the analysis done by the manager, we will improve, eliminate and recognize the risks found during the execution of the risk assessment within the business of the Health Network organization.
Senior management of the Health Network organization has decided that the risk manager's team should develop and continue the risk mitigation plan. This will be based on the inputs given by the team in previous deliverables of the same project. Senior management has allocated some funds for the development of the risk mitigation plan. Because risk management is very important for an organization, senior management is very supportive of and committed to developing this plan.
Risk Mitigation Plan – This is created to make sure that all the risks associated with the project are identified and classified from low to high level. A good risk mitigation plan will contain details of its accompanying schedule, the prioritization of risks and the associated costs (Gibson, 2011).
| Threat | Vulnerability | Mitigation |
|---|---|---|
| Social Engineer | Awareness about security is lacking | Give presentation about awareness, share occasional emails, increase the awareness with the help of posters and training |
| Users | Access control lacking | Execute both access control and authentication |
| DDoS and DoS attack | Servers that are public-facing are not protected with intrusion detection systems and firewalls | Execute both intrusion detection system and firewalls |
| Data get stolen | Implementation of access control are not correct | Execute both intrusion detection system and firewalls |
| Failure of an Equipment | Back up of the data is not taken | Backup of the data should be done properly and on regular basis |
| Malware | Antivirus used are outdated | Update the antivirus on regular basis |
| Natural disaster such as tornado, earthquake or hurricane | Physical place | Alternate sites were designed |
| Fire | Suppression equipment for fire detection is lacking | Insurance will be purchased and fire detection will get installed with suppression equipment |
Business Impact Analysis (BIA) is the tool that will help the organization identify the critical threats. We will categorize them by status: Critical, Urgent, Important, Normal and Non-Essential. With the help of this tool, senior management of the Health Network organization can find the recovery time that each critical threat will take to rectify and restore to functioning. The BIA should be completed each time a new BCP is created.
| Status | Recover Time | Critical Function | Priority |
|---|---|---|---|
| Critical | 30 min – 23 hours | Fire, DDoS and DoS attack | High |
| Urgent | 24 hours | Social engineers | High |
| Important | 25 – 48 hours | User, Malware | Medium |
| Normal | up to 7 days | Failure of the equipment, Natural disaster such as tornado, earthquake or hurricane | Low |
| Non-Essential | up to 30 days | Data stolen | Low |
Below we have provided the details:
Critical Contacts
Critical resources
Disruption Impact –
Priority for recovery of Risk –
Senior management of Health Network was impressed on reviewing the risk management plan and decided that your team will also create the BCP. Health Network has global reach and has some file servers and databases that run through Enterprise Resource Planning (ERP). EFT (Electronic Fund Transfer) is used for maintaining the organization's payroll system.
Purpose – The main objective of the BCP is to make sure that all important operations function properly. The BCP contains the instructions and procedures to follow for restoring operations at the time of a disaster.
Scope – The BCP will make sure that all the file servers, the ERP system and the EFT system work properly at the time of a disaster. Instructions will be given to the concerned teams for reference. There should be a warm site within a 50-mile radius of the main data centre (PCI, 2015).
Aim – This document will act as a guide for all the recovery teams of Health Network. It gives details of all stakeholders and vendors that need to be informed at the time of a disaster, provides the necessary sources and processes for restoration, and, for the fundamental records, provides recovery steps, protection and document storage.
ERT (Emergency Recovery Team) – includes EMT (Emergency Management Team), LRT (Local Recovery Team) and IRT (Incident Recovery Team)
Team roles – An updated list with colleagues' contact data will be available offline and online to all team members. An alternative backup plan will be assigned to all members.
Plan Usage – As soon as a disaster occurs, the Health Network organization team will put the management procedures into action. It will wait until operations resume functioning properly or start from the alternative location.
Backup Process – Once the DRP falls under the TRT, the team has to make sure that all restore processes complete on time and that the business resumes at the earliest. In the meantime, business can continue from the alternative site, which is 50 miles from the main headquarters and contains all the necessary equipment.
Disaster Emergency Contact –
Team of IT management
At business location visit of personnel
Emergency Phone number of personnel
Emergency contact number (Darril, 2015)
WAN Outage or ISP (Internet Service Provider) –
Recovery teams have confirmed that all the functions and operations are working properly and back to normal state.
Scope – Security policies and processes will secure computers from DoS attacks and protect them from malicious code and from outsiders with unauthorized access.
CIRT plan Elements – This contains the details of the CIRT policy and its membership as used in the Health Network organization, and details of the communication methods and procedures needed for incident response.
Members in CIRT – Members come from the IT security team, programmer team, server team and IT administration in the Health Network organization. Three types of teams support them: CIRT, DIRT (Distributed Incident Response Team) and the Coordinating team.
Roles and responsibilities – One member from each department of the Health Network organization will be included. Their responsibility is to maintain the document that contains all the details of incidents that occurred. It contains the procedures for incident response, how an incident is investigated, the controls recommended for prevention, and how collected evidence is protected using a chain of custody.
Accountabilities – If a malicious incident occurs in the Health Network organization, the CIRT team should be capable and trained enough to save the organization's data. They should also be ready with a backup plan.
Policies of CIRT – All members of the team can launch the defensive attack, storage process and collection of evidence, media communication and personnel safety.
Process for handling Incident – As per NIST SP 800-61, there are four phases:
References
Gibson, D. (2011). Managing Risk in Information Systems [VitalSource Bookshelf Online]. Retrieved from: https://itt-tech.vitalsource.com/#/books/9781449692445/
Darril, G. (2015). Managing Risk in Information System. Retrieved from: https://www.pomsassoc.com/6-fundamental-techniques-risk-control/
PCI Compliance (2015). Understanding and Implement Effective Data Security Standard Compliance, Fourth Edition, p. 5.