ISOL533 Cumberlands HealthNet Company Risk Management Paper

Computer Science

ISOL533

University of the Cumberlands

Description

Using APA format, write the final Risk Management Paper for the HealthNet company.

Please pay attention to the SafeAssign score. If the items highlighted are not just the references, make sure you cite your sources!

The paper must contain

  • Executive Summary
  • Overview of the company
  • Explanation of the IT network (refer to the diagram in the Final Project folder)
  • Risk Assessment
  • Identify assets and Activities to be protected
  • Identify threats, vulnerabilities and exploits
  • Risk Mitigation
  • BIA
  • BCP
  • DRP
  • How your plan protects the company overall

The Final Project consists of 6 assignments that are due throughout the semester. Take time when preparing your solution since it can only be submitted once.
Your solution to the Project must be your own - no credit will be given to students who submit the same or very similar documents.

These are my 6 assignments that I am attaching. Please check them and make sure of APA format and text citation.

Unformatted Attachment Preview

ISOL 533 - Information Security and Risk Management
University of the Cumberlands

RISK MANAGEMENT PLAN

EXECUTIVE SUMMARY

The risk management plan is for Health Network, Inc., an imaginary health administrations association headquartered in Minneapolis, Minnesota. Wellbeing Network has more than 600 representatives all through the association and creates $500 million USD in yearly income. The organization has two extra areas in Portland, Oregon and Arlington, Virginia, which bolster a blend of corporate activities. Each corporate office is situated close to a co-area server farm, where generation frameworks are found and oversaw by outsider server farm facilitating sellers.

Health Network has three fundamental items: HNetExchange, HNetPay, and HNetConnect.

HNetExchange is the essential wellspring of income for the organization. The administration handles secure electronic medicinal messages that start from its clients, for example, expansive healing facilities, which are then directed to getting clients, for example, centers.

HNetPay is a web entry way utilized by a large number of the organization's HNetExchange clients to help the administration of secure installments and charging. The HNetPay Web gateway, facilitated at Health Network generation locales, acknowledges different types of installments and communicates with visa preparing associations much like a web business shopping basket.

HNetConnect is an online record that once-overs experts, focuses, and other restorative workplaces to allow Health Network customers to find the right sort of consideration at the right zones. It contains pros' up close and personal information, spots of business, restorative affirmations, and sorts of organizations that the experts and offices offer. Masters are given accreditations and can revive the information in their profile.
Prosperity Network customers, which are the specialist's offices and focuses, partner with all of the three of the association's things using HTTPS affiliations. Authorities and potential patients can make portions and invigorate their profiles using Internet-accessible HTTPS Web go

RISKS - THREATS – WEAKNESSES WITHIN EACH DOMAIN

Installment chance is the hazard of hardship due to a default on an understanding, or more all things considered, the chance of setback due to some "installment occasion". Associations that handle a high volume of online installments go up against this hazard, as where blocking the portions and expected source of installments can ricochet back on the association. Various associations have been compelled to bring new focus and drive to their installment hazard the executives methodologies in an attempt to keep away from falling loss while at the same time trying to go without causing any undue outcomes appropriately to these challenges.

Truth be told every installment method incorporates hazard. If you keep up an online business and procedure installments on your website, you need to understand that it goes with a collection of dangers. The genuine dangers are coercion and operational hazard at the point when the cash related setback is a direct result of human or specific oversights. It is crucial for associations and relationship to realize the best ways to deal with supervise installment hazards in an idea to keep up a key separation from liquidation and blackmail.

As I determined beforehand, you need to grasp the installment hazard, and that is what the hazard the board is about. It could assist you with settling on better decisions in light of the fact that there's no space for any slipups. If you settle on a wrong decision, it could be costly for you. You need to envision the probability of the hazard.
Consider the going with:

  • What are the potential dangers
  • That it is so at risk to occur
  • How quickly it could be recognized
  • The sum it could cost you

Knowing the hazard with assessed costs supports you decline the likelihood of occasion the hazard. Understanding the installment hazard will empower you to manage your business to better. Keep in mind that when you offer something on the web, fraudsters can make a couple of trades in light of sporadic identities or stolen Visa numbers. In the time of the web, the distortion practices are generally hard to stop.

When you pick the most ideal installment door, you don't have to manage all the hazard yourself. They have an experience and deception shirking mechanical assemblies, so the best installment entryways realize how to keep coercion and operational hazard at low dimensions. Banks, and furthermore fintech associations, are looking ceaselessly for the advancement that will assist them with hazard the board. Online installment providers with high-security level screen installments for consistence with hazard help standards. They need to face the hazard, paying little heed to if it's connected to creating installment systems or increasingly settled ones. Online installments are directly extensively not so much requesting but rather more moderate recently. However, the accomplishment of the e-installments, and all imaginative installment methodologies, depend on their ability to control the hazard.

Domain User: Domain raise client mindfulness, actualize satisfactory use approaches (AUPs) to guarantee clients comprehend what they ought to, what's more, shouldn't do. Use login pennants to help clients to remember the AUP's.
Convey intermittent sends with security tidbits to keep security in their brains and use publications in worker regions.

WORKSTATION DOMAIN: Install antivirus software and update it regularly, keep operating systems up to date, and evaluate and deploy security patches when needed as they become available.

LAN DOMAIN: Routers have ACL’s (access control lists) which control what traffic is allowed through them. Switches can be programmed for specific functionality. They are commonly located in a wiring closet or server room which protects it from physical security. Modify ACLs as needed. Practice port security as an added control. This ensures that only specific computers are able to attach to the network device. What that means is that if an attacker brings his computer, he won't be able to connect that computer to the network.

WAN-TO-LAN DOMAIN: Firewalls that would discriminate and allow only certain types of traffic through. Training a domains to understand the importance of limiting the number of firewall rules.

WAN DOMAIN: Use of a demilitarized zone which uses two firewalls. One firewall has direct access to the internet and the other to the internet network. When patches are available, test them to ensure they don't have any negative impacts and then deploy to the servers.

REMOTE ACCESS DOMAIN: Can use several different controls to protect servers. Automatic callback is one with dial-in remote access servers. It hangs up and calls the home number after she logs on from being prompted to log on. This is used with people who work from home. Another one is remote access policies. They’re used to specify that only Layer 2 Tunneling Protocol connections are allowed. Additionally, Internet Protocol Security (IPSec) could be required to ensure the connection is encrypted.

SYSTEM/APPLICATION DOMAIN: Ensure administrators have adequate training and knowledge.
Configuration and change management practices are helpful. Configuration management ensures the systems are configured using sound security practices. Change management ensures that the configuration is not modified without adequate review. Administrators of these systems need to test the patches they get from the vendors and make sure no negatives and then send them out.

COMPLIANCE LAWS AND REGULATIONS

  • Envision consistence and hazard and program method, organization and program plan.
  • Create compelling undertaking attempts to embed consistence social needs into the surface of the association.
  • Outline consistence association improvement and change practices.
  • Create incorporated hazard methodology and structures across over consistence, regulatory, cash related, and advancement chance scene.
  • Make a system for consenting to consistently growing state, government, and overall straightforwardness requirements.
  • Use examination and development answers for setup/overhaul consistence watching and hazard assessment practices.
  • Make and reinforce the assignments of overall outcast hazard and consistence the executive.

Loss or obliteration of organization data.

Table 1: Risk – Threat – Weakness

Risk: Loss or destruction of org information.
Weakness: Firewalls and Intrusion Control systems not been active or updated to prevent systems from unauthorized access.

Risk: Loss of company confidential information.
Threat: Insider threats.
Weakness: Former employers, contractors or other insiders having access to company information; present employees are not properly and given access to unauthorized information.

Risk: Loss of customers, clients or revenue.
Threat: Changes in regulatory landscape & oriented that may impact operations.
Weakness: Change control processes & methods inadequate to handle changes in regulations.

Risk: Loss of company useful contained data.
Threat: Hardware being removed from production & deploy systems.
Weakness: Access Control procedures do not track location of equipment as it is moved. Hardware may not be protected from hacking if used outside & public the data center.

Risk: Loss of company information.
Threat: Loss of company information on lost or stolen company-owned important assets, such as mobile and laptops.
Weakness: Software not loaded on mobile devices & laptops to unlock system when notified of loss.

Risk:
Threat: Internet threats due to org products being access on the internet.
Weakness:

Risk: Loss of customers.
Threat: Production outages caused by various events, such as natural disasters, unstable & bug software, and others.
Weakness: UPS & electronic systems not active to protect systems from outages.

Domain Impacted:

  • Remote Access Domain
  • User domain
  • System/Application Domain
  • System/Application Domain
  • Workstation Domain
  • LAN-to-WAN
  • System/Application Domain

Figure 1

RISK ASSESSMENT PLAN

EXECUTIVE SUMMARY

This policy establishes information security requirements to make sure that production services follow the company objectives and that company information (referred to as an asset) and technologies meet the standard.

The Information Security Policy ensures that:

  • Only the authorized people can access the information
  • The availability, integrity, and information confidentiality are well protected
  • All employees are well skilled on information security and the compliance is made mandatory.
  • All suspected weaknesses and breaches in the information security are recorded and investigated

Risk Management Plan takes care of Weaknesses, Threats and Risks of the Health Network, Inc.

RISKS – THREATS – WEAKNESSES

1) Critical - Those that affect compliance and increase organization liability.
2) Major - Those that affect the IT infrastructure and C-I-A of a company’s intellectual property assets.
3) Minor - Those that can impact the availability of the IT infrastructure or the employee and user productivity.

COMPLIANCE IN LAWS

  • Employees should be trained on major corporation laws and be motivated to comply with them.
  • For the company to meet its requirement it must have good risk management, governance and compliance.
  • Some laws are straightforward and easy to understand.
  • Every stakeholder should know their part in the corporate governance program.
  • Every stakeholder should have knowledge on laws and regulations of PCI-DSS, FISMA, HIPAA etc.
  • In the Information Security there are customer information for PCI-DSS and set of twelve regulations designed to reduce fraud.
  • Documentation of every act happening inside the company will help any person not to breach the compliance law.
  • Access should be limited on basis of the employee position in order to avoid any regulation and compliance breach.
  • Limiting internet access will not let any risk to the data of the organization.

R-T-W / Domain Impacted / Risk Impact / Factor

Domain Impacted: USER DOMAIN
Risk Impact / Factor: Minor
Risk: User deletes all files and destroys data in application. User inserts USB and CDs with personal videos, music, and music on the organization’s computers.
Threat: Employee downloads an unknown e-mail attachment.
Weakness: User has a weak domain password and does Shutdown his computer.

Domain Impacted: WORKSTATION DOMAIN
Risk Impact / Factor: Critical
Risk: Desk computer. This can affect other devices on the network.
Threat: Company’s assets, for example, laptops and mobile devices, are stolen or lost.
Weakness: Equipment is unsecured; equipment is not set properly; GPS tracking software not enabled.

Domain Impacted: LAN DOMAIN
Risk Impact / Factor: Major
Risk: Company will lose customers.
Threat: Outage in production due to different events, for example software, change in management, natural disasters and so on.
Weakness: Some weaknesses are devices installed at Egress/Ingress Points in the network is of little help in stopping the spread of outbreaks through the internal network and also high amounts of alerts generated as perimeters of attackers seeking for vulnerable systems.

Domain Impacted: WAN-TO-LAN DOMAIN
Risk Impact / Factor: Major
Risk: Network, firewall and IP appliance configure file weakness or errors.
Threat: DDoS attacks, communication outages, viruses, hackers.
Weakness: Procedures not followed; backup data centers not available.

Domain Impacted: WAN DOMAIN
Risk Impact / Factor: Major
Risk: Company will lose customers.
Threat: Outage in production outages due to different reasons, for example, unstable software, changes in management, natural disasters, and so on.
Weakness: Backup data centers are unavailable; procedures not adhered to.

Domain Impacted: REMOTE ACCESS DOMAIN
Risk Impact / Factor: Major
Risk: Unauthorized entry through public Internet.
Threat: Threats inside the company.
Weakness: Networks not monitored; controls not in place.

Figure 1

RISK MITIGATION PLAN

Project Part 1 - Task 3 - Risk Mitigation plan

Executive Summary

Risk mitigation plans play a huge role in the assurance of both the security of organizational assets and data.
Risk mitigation plan for Health Network Inc. will thus play a huge role in securing both important organizational assets and data. Health Network, Inc., headquartered in Minneapolis, Minnesota, has an employee network of over 600 employees and generates approximately $500 million on an annual basis. The organization has additional locations in Portland, Oregon and Arlington, Virginia. These locations act as data centers and production systems for the organization.

Health network mainly deals in three product lines. These products include HNetExchange, HNetPay and HNetConnect. The entire product line plays a significant role in the generation of revenue for the organization. HNetExchange is the main source of revenue for the company. This product helps in the handling of secure electronic transmission of private data between the patients and the organization. HNetPay is a web portal that helps in the securing of payments and billings. This web portal helps in securing payments and billings for both the company and its clients. HNetConnect is an online directory that has a list of doctors and medical facilities. This platform thus makes it easier for clients to find the right type of care that are closer to them.

Critical “1” risks and short-term remediation

The risk/threats identified are:

I. Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and others
   a. Remediation: Having insurance plans that will cover the customers against losses that are caused by natural disasters, change management, unstable software and other complications.
   b. CBA: Estimated cost of loss = $14000; Cost of risk prevention = Outsourcing insurance services = $12000

II. Loss or destruction of company information due to insider threats
   a. Remediation: Conducting proper employee audit during employee recruitment and after employee recruitment.
   b. CBA: Estimated cost of loss = $4000; Cost of risk prevention = $3000

MAJOR “2” / MINOR “3” LONG-TERM REMEDIATION

I. Loss of company data due to hardware being removed from production systems. Hardware may be removed from the production system due to a variety of factors. For example, faulty systems may result in the spoiling of some parts of the production system resulting in hardware failure that may result in data.
   a. Remediation: Servicing the company’s hardware on a regular basis.
   b. CBA: Estimated cost of loss = $20000; Estimated cost of risk prevention = $12000

II. Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops. Mobile devices and laptops act as the primary storage units for important company information. For example, some of the mobile devices store important company login details.
   a. Remediation: Coming up with policies that will ensure that each employee is responsible for the safety of the devices assigned to them.
   b. CBA: Estimated cost of loss = $20000; Estimated cost of risk prevention = $400

III. Theft of company confidential information due to insider threats. Malicious employees may collaborate with other external entities to steal important organizational information. For example, an employee with a high access level may use his or her authority to access information that are important for the organization.
   a. Remediation: Conducting a thorough employee background check before and after employment.
   b. CBA: Estimated cost of risk = $23000; Estimated cost of risk prevention = $9000

IV. Loss of customers or revenue due to changes in regulatory landscape that may impact operations. The company may fail to keep up with the changing government regulation policies.
   a. Remediation: Outsourcing services from personnel and companies that specialize in regulation.
   b. CBA: Estimated cost of risks = $12000; Estimated cost of risk prevention = $2000

Implementation plan

R-T-W / Domain Impacted / Risk Impact / Factor

Domain Impacted: System / Application Domain
Risk Impact / Factor: “2” Major
Threat: Hardware being removed from production systems.
Risk: Loss of company data.
Weakness: Access Control procedures do not track location of equipment as it is moved. Hardware may not be protected from hacking if used outside the data center.

Domain Impacted: Workstation Domain
Risk Impact / Factor: “2” Major
Threat: Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops.
Risk: Loss of company information.
Weakness: Software not loaded on mobile devices to lock system when notified of loss.

Domain Impacted: System / Application Domain
Risk Impact / Factor: “1” Critical
Threat: Production outages caused by various events, such as natural disasters, change management, unstable software, and others.
Risk: Loss of customers.
Weakness: UPS systems not active to protect systems from outages.

Domain Impacted: LAN-to-WAN Domain, Remote Access Domain
Risk Impact / Factor: “1” Critical
Threat: Internet threats due to company products being accessible on the Internet.
Risk: Loss or destruction of company information.
Weakness: Firewalls and Intrusion Control systems not active or updated to protect systems from unauthorized access.

Domain Impacted: User Domain
Risk Impact / Factor: “3” Minor
Threat: Insider threats.
Risk: Loss of company confidential information.
Weakness: Former employers, contractors or other insiders having access to company information; current employers are not managed properly and given access to unauthorized information.

Domain Impacted: System / Application Domain
Risk Impact / Factor: “3” Minor
Threat: Changes in regulatory landscape that may impact operations.
Risk: Loss of customers or revenue.
Weakness: Change control processes inadequate to handle changes in regulations.

Table 1 from Risk Assessment Plan

Running Head: ISOL 533- Information security and Risk management

Information security and Risk Management

Business Role/Process Real time communication with the patients. Through calls Email communication both inside and outside information Business Effect Factor Retrieval Time objective Critical 4 hours 4 hours Critical Domain Name Server (DNS) for interior and exterior Internet Protocol (IP) Critical Website where patients can access their data and personal info. IT Systems and Apps Voice IP Servers System Application Domain 4 hours DNS Server LAN-to-WAN Network Main 11 hours System Application Domain Critical 4 hours VoIP Call Servers WAN LAN-to-WAN Network Major 24 hours System Application Domain Finance operation support for Accounts Received and Paid Out Major 24 hours Technical Support and Network Management. Critical 12 hours Internet and Extranet critical 24 hours Patients services through the company website, emails and telephone with real time services and communication that requires Customer relationship Management (CRM) Communication through voices and Emails to other branches LAN Accounting Networks LAN-to-WAN Remote Access control

Information Security and Management Risk

Health network Exchange is the main source of income on behalf of the Business Establishment. It handles the services including the medical data and secure them well. These services include payment of bills and other services. These information always comes from the customers in large hospitals (Hopkin & Management, 2012, p. 46).
This is a website portal used by company’s Health network Exchange customers to support the running of protected disbursements of the bills. Health network Pay Website gateway at Health Network construction places, receives and processes several payments and merge it with credit-card information from the handling organizations such as shopping carts or web commerce.

Health network Connect is an online portal that contains the information such as the list of the doctors and various clinics available. This information will enable every individual looking for medicine facilities to get the right type of the medications they require and also get the precise location and procedure of getting assisted. The doctor’s information in the system will enable a patient to get in touch with the doctor who gave out the medication. This website also helps the patient to know the services the healthcare clinics and hospitals are giving out (Vacca, 2012, p. 38). The portal enables the doctors to update their information whenever needs arise and also patients to make payments for the bills and other services through their HTTPS websites.

Health Network take their operation in three production data center and provide the services required across the network. This network contains a lot of the services and websites inside it.
Mission For Health network

  • Telephone Services: MTD less than 48 hrs; RTO less than 24 hrs; RPO less than 4 hrs
  • Customer Email Services: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours

Mission For Health network

  • Internet and Extranet: MTD less than 48 hrs; RTO less than 24 hrs; RPO less than 4 hrs
  • Communication through messaging and email: MTD less than 48 hours; RTO less than 24 hours; RPO less than 3 hours

Mission For Health network Pay

  • Financing services: MTD less than 48 hrs; RTO less than 24 hrs; RPO less than 4 hrs
  • Website portal: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours

Task 3: Disaster Recovery Plan

SUMMARY
PRODUCTION SERVER: Portland
IT SET-UP: Health network Database for payment
BACKUP STRATEGY FOR SYSTEM ONE (Daily / Monthly / Yearly / Quarterly): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of production systems.

Risk #2: Loss of clients due to production shortages. This will bring main problem in payments of services by customers and they will not be able to make payment. This will impact all the services as without payment there is no services going on. To curb up with this impact there should be other mode of payment available within different server platform. This will lead to a major impact in terms of revenue and other services. To avoid this impact and payment plan should be introduced especially in affected areas and remote areas. Also, Data Recovery Plan should be introduced.

Disaster Recovery Plan for Health network Connect

SUMMARY
PRODUCTION SERVER: Arlington, Portland.
IT STRUCTURE: Health Network for Database and Directory connection.
BACKUP PLAN FOR SYSTEM ONE (Daily): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of production systems.

Risk #2: Loss of clients due to production shortages. It will be difficult to find care using online services.
Patients will not be able to view and see various doctors and clinics available in the website. Through this customers will not be able to find the right care or the best clinic services providing best services. In case of the primary failure patients will not be able to find right care.

Disaster Recovery Plan for Health network Exchange

OVERVIEW
PRODUCTION SERVER: Portland, Arlington and Minneapolis.
IT STRUCTURE: Health network Exchange Server
BACKUP PLAN FOR SYSTEM ONE (Daily / Monthly / Quarterly): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of Health network from the production systems. The communication between the company and the patients or the customers will be affected and therefore no services taking place and that will bring effect in the revenue collected by the company. To eliminate the problem, the company should introduce proper backups and access control techniques for the system in place.

Risk #2: Loss of customers due to production outages. Customers and patients will not get the best services they require thus poor care thus there should be proper disaster recovery plan and different servers working on different platforms.

Task 4: Computer Incident Response

Identify the nature of the incident

Major business impact will be in Health network pay, Health network Exchange and Health network Connect. Threat in the company is the loss of the sensitive data and major information from the company and its customers. The risk impact within the company will be severely critical: MTD - more than 24 hours; RTO - more than 4 hours; RPO - more than 2 hours.

What needs to be done to limit the scope of the incident?

The company need to disable all the incoming exchange of information and communication from the laptop and other users (Stamp, 2011, p. 67).

What needs to be done to mitigate the risk of the incident?
To curb the risk of the incident the company need to limit the access of production data from the unauthorized people to allow only authorized users and restrict the access of data externally.

What needs to be done to recover the IT systems?

The lost data should be recovered from the Backups made earlier. BCP plan should be executed in response to the incident. The BIA, BCP and DR planning should have updated with new procedure to help to curb up the incident.

References

Hopkin, P., & Management, I. O. (2012). Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. London, England: Kogan Page Publishers.

Stamp, M. (2011). Information Security: Principles and Practice. Hoboken, NJ: John Wiley & Sons.

Vacca, J. R. (2012). Computer and Information Security Handbook. London, England: Newnes.

Explanation & Answer

Hello pal, Kindly find the attached.

Running Head: ISOL 533- Information security and Risk management

1

Information security and Risk Management

Business Role/Process
Real time communication with the
patients. Through calls

Email communication both inside and
outside information

2

Business
Effect
Factor

Retrieval
Time
objective

Critical

4 hours

4 hours
Critical

Domain Name Server (DNS) for interior
and exterior Internet Protocol (IP)

Critical

Website where patients can access their
data and personal info.

IT Systems and Apps
Voice IP Servers

System Application Domain

4 hours

DNS Server LAN-to-WAN
Network

Main

11 hours

System Application Domain

Critical

4 hours

VoIP Call Servers WAN
LAN-to-WAN Network

Major

24 hours

System Application Domain

Finance operation support for Accounts
Received and Paid Out

Major

24 hours

Technical Support and Network
Management.

Critical

12 hours

Internet and Extranet

critical

24 hours

Patients services through the company
website, emails and telephone with real
time services and communication that
requires Customer relationship
Management(CRM)
Communication through voices and
Emails to other branches

LAN Accounting Networks

LAN-to-WAN

Remote Access control

Information security and Risk Management

3

Information Security and Management Risk
Health network Exchange is the main source of income for the business. It handles services involving medical data and secures that data well. These services include payment of bills and other services. This information always comes from customers in large hospitals (Hopkin & Management, 2012, p. 46).

Health network Pay is a website portal used by the company's Health network Exchange customers to support the running of protected disbursements of the bills. The Health network Pay website gateway, at Health Network production sites, receives and processes several forms of payment and merges them with credit-card information from the handling organizations, much like a shopping cart in web commerce.

Health network Connect is an online portal that contains information such as the list of doctors and the various clinics available. This information enables individuals looking for medical facilities to get the right type of medication they require and to find the precise location and the procedure for getting assisted. The doctor's information in the system enables a patient to get in touch with the doctor who gave out the medication. This website also helps patients to know which services the healthcare clinics and hospitals offer (Vacca, 2012, p. 38). The portal enables doctors to update their information whenever the need arises, and patients to make payments for bills and other services through their HTTPS websites.

Health Network runs its operations in three production data centers and provides the required services across the network. This network contains many services and websites.

Mission for Health network
Telephone Services: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours
Customer Email Services: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours

Mission for Health network
Internet and Extranet: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours
Communication through messaging and email: MTD less than 48 hours; RTO less than 24 hours; RPO less than 3 hours

Mission for Health network Pay
Financing services: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours
Website portal: MTD less than 48 hours; RTO less than 24 hours; RPO less than 4 hours

Task 3: Disaster Recovery Plan

SUMMARY

PRODUCTION SERVER: Portland

IT SET-UP: Health network Database for payment

BACKUP STRATEGY FOR SYSTEM ONE (Daily / Monthly / Yearly / Quarterly): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of production systems.
This will cause a major problem with customer payments for services, because customers will not be able to pay. It will affect all services, since without payment no services can continue. To curb this impact, another mode of payment should be available on a different server platform.

Risk #2: Loss of clients due to production shortages.
This will have a major impact on revenue and other services. To avoid this impact, a payment plan should be introduced, especially in affected areas and remote areas. A Data Recovery Plan should also be introduced.

Disaster Recovery Plan for Health network Connect

SUMMARY

PRODUCTION SERVER: Arlington, Portland.

IT STRUCTURE: Health Network for Database and Directory connection.

BACKUP PLAN FOR SYSTEM ONE (Daily): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of production systems.

Risk #2: Loss of clients due to production shortages.

It will be difficult to find care using online services. Patients will not be able to view the various doctors and clinics available on the website. As a result, customers will not be able to find the right care or the clinics providing the best services. In case of a primary failure, patients will not be able to find the right care.

Disaster Recovery Plan for Health network Exchange

OVERVIEW

PRODUCTION SERVER: Portland, Arlington and Minneapolis.

IT STRUCTURE: Health network Exchange Server

BACKUP PLAN FOR SYSTEM ONE (Daily / Monthly / Quarterly): Daily.

DISASTER RETRIEVAL PROCESS

Risk #1: Loss of company data due to removal of Health network from the production systems.
Communication between the company and its patients or customers will be affected, so no services will take place, which will reduce the revenue collected by the company. To eliminate the problem, the company should introduce proper backups and access control techniques for the system in place.

Risk #2: Loss of customers due to production outages.
Customers and patients will not get the best services they require, resulting in poor care. There should therefore be a proper disaster recovery plan and different servers working on different platforms.

Task 4: Computer Incident Response
Identify the nature of the incident
Major business impact will be in Health network pay, Health network...

