Discussion Points:

Question Description

Using the case scenario from Lab 1 (and used in Assignment 1) examine the use of risk analysis and how it facilitates the development and implementation of an information security policy together with its accompanying standards, guidelines, and procedures. You will also introduce and discuss the need to maintain the timeliness of the security policy, and to periodically review and update it.

Rubric for Learner Posts


Synthesis of concepts in 250 or more words and Well formed conclusions (critical to class performance)


Applications of personal experience


Uses external resources validating position with applicable knowledge


Writing standards: appropriate use of terms, correct spelling and grammar


Participation in discussion, feedback and posting to two fellow classmates 150 words or more - minus these points for not submitting on time.


Total Points:


Unformatted Attachment Preview

VA Data Breach Causes and Remedies to VA Data Breach Christopher Hawthorne ISSC331 VA Data Breach Causes and Remedies to VA Data Breach The VA led the country in the process of converting medical records to digital for easier access and future references. Though there have been observed different cases where the privacy of some clients has been breached. The following are some of the causes of the breaches. • Failure to encrypt data • There are cases of reckless safeguards • Also lack of accountability According to the research done, there were cases where the information that was meant for the patients failed to be encrypted. This led to some malicious VA employees and administration to get access to this data and breach its privacy. Since 2010, almost 16, 000 veterans were at risk of getting the privacy of their data breach due to the failure of the employees to encrypt data (Roisman, F. W. 2005). Also, there was observed at least one in 365 case where there was the failure to be the accountable case. These cases were turned over to the office of the Inspector General, sometimes to the VA police or the external law enforcement. Furthermore, there was observed a case where employees could use office computers at home. A case in 2003 was discovered where an employee used to head home with an office computer. This meant that the employee was able to access the files and the data of the veterans without permission (Shulkin, D. J. 2016). VA Data Breach Some of the cases were caused by reckless safeguards. This is a case where information was illegally released, or the providers failed to secure the consent of patients during the study. The information released by the VA should always be encrypted so as the information could not be accessed by unauthorized persons. Also, the information should legally be released and only to the right veterans. There should be a proper track of information flow so that each department that handles the information becomes accountable for it. References Roisman, F. W. (2005). National Ingratitude: The Egregious Deficiencies of the United States' Housing Programs for Veterans and the Public Scandal of Veterans' Homelessness. Ind. L. Rev., 38, 103. Shulkin, D. J. (2016). Beyond the VA crisis—becoming a high-performance network. New England Journal of Medicine, 374(11), pg 1003-1005. Assignment Instructions Instructions: Do Exercise 1 or Exercise 2 below, but not both. Exercise 1: Executive Summary on Risk Analysis Learning Objectives and Outcomes Describe common concepts in information security, privacy and the law. You will learn how to present and justify risk analysis for assets in an organizational setting and will relate those findings to the basic security principles of confidentiality, integrity, and availability. Assignment Requirements Refer to the case scenario that was provided to you in Lab 1. By now, you will have created the comprehensive asset list in order of importance of each asset. For this assignment, you need to create an executive summary that explains your list. This executive summary will be presented to the school’s board of directors. Much of the information you have analyzed will be technical in nature. First, without creating a full executive summary of the operation, summarize your findings in a simple bullet-point list. Then, assign a quantitative value to each asset by examining its numerical, measurable characteristics such as original cost, cost of replacement, loss of teaching skills or created information, school image and reputation. This will allow you to organize your priorities, and be able to use that information to prepare a full executive summary for presentation to the school's board of directors. OR Exercise 2: Executive Summary on Veterans Affairs (VA) and Loss of Private Information Learning Objectives and Outcomes Review the case on loss of personal information and be able to make conclusions based on your findings on the VA case and loss of private information. Assignment Requirements Refer to the case scenario provided in this lesson’s Lab. By now, you have analyzed the case study and have suggested possible mitigating remedies to prevent loss of private information. Write an executive summary that supports your list of suggested remedies. Much of the information you have analyzed will be technical in nature. First, without creating a full executive summary of the operation, summarize your findings in a simple bullet-point list. This will help to prioritize the remedies suggested. Once you have the summary ready, compile your findings in the form of an executive summary. The main points you need to cover are: • Analyze the mistakes committed by both the employees and the Veterans Affairs Administration that led to data loss. • Ensure that the remedies you suggest prevent the mistakes you analyzed from reoccurring in the future. You can think of using encryption as one of the possible remedies. In this case, describe how encryption can be used. • Explain methods that will ensure proper monitoring and enforcement of the existing security policies. Submission Instructions: Submit your answer in a Microsoft Word document in not more than 300 words. Font: Arial 10 point size Line Spacing: Double Grading Criteria 1. Content 50% 2. Writing Conventions (Grammar and Mechanics)10% 3. Organization of Ideas/Format 300 Words 30% 4. Source (APA Format) 10% ...
Purchase answer to see full attachment

Final Answer

Thank you for working with me



Risk Analysis



Risk Analysis
Risk analysis refers to a review of the risks, which are linked to specific activities or
events. Risk analysis involves reducing uncertainties, and managing risks through prescribing
appropriate policies, procedures, and regulations (Yoe, 2016), for example the VA Company
may conduct a risk analysis, by encrypting its medical data, safeguarding their client’s data,
adhering to the states privacy laws, and ensuring that every staff in their organisation is
accountable for their actions. Confidentiality of health information is a fundamental principle
of privacy policy in the United States. According to Gaylor (2016), the privacy law protects
the patients, while balancing the needs for health service providers to share information.
However, most health organization have medical records which are poorly maintained,
incomplete, inaccurate, altered or where records fall into the hands of unauthorized persons.
A company like VA can conduct a risk analysis, to determine what threat exists to
their specific assets, and the level of a particular threat. According to Hess, Macintyre, &
Mishoe (2011), risk analysis is used to manage risks, through protecting the patient privacy.
The VA company must ensure that at all employees are trained about the privacy procedures,
designate each ...

masterjoe (17094)

The tutor was pretty knowledgeable, efficient and polite. Great service!

Heard about Studypool for a while and finally tried it. Glad I did caus this was really helpful.

Just what I needed… fantastic!


Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors