Executive Summary | Risk management designing techniques
1. Introduction
Risk management is the continuous process that runs through the whole life of a project and includes risk management planning, identification, analysis, monitoring and control. Health Network Inc. has three main products for the health sector: HNetExchange, HNetPay, and HNetConnect. These products are very helpful to customers around the world and provide health-related services to clients and the public.
For example, Pfizer Inc., with the use and help of these products, provides the best services to its customers for cancer-related products within the USA and throughout the world.
HNetExchange is the main product and the primary earning source of the company; it provides the most revenue. This product handles all of the customer's health-related queries and gets back to them with the results. Through this product a customer can send electronic medical messages. It helps the customer find the best clinics in the world. (Pfizer, Johnson & Johnson, Hayat (4 November 2012))
HNetPay is the second product of Health Network Inc.; it is basically a Web portal. The customers of HNetExchange use this Web portal, and its main objective is to manage billing and payments. It is hosted on many network sites to accept customers' payments in the form of various transactions, and it also handles credit payments through processing organizations, much like a Web commerce shopping cart.
HNetConnect is the online directory. It allows customers to find clinics, doctors, and medical facilities, so that a customer can get the right location with good-care clinics; the personal information is stored in a database that contains the doctor's name, address, and the types of services performed by doctors and nurses. In this product, people can get all of the doctor's information, including the address. It is accessed globally over HTTPS, with single sign-on access through Internet-accessible websites.
2. Scope
The project scope in this section of Health Network covers the product design, involving the determination and documentation of specific Health Network goals such as tasks, cost, and deadlines. The project's compliance documentation explains in detail the responsibilities of every person in the team, establishing the installation instructions and baseline configuration needed to complete, verify, and approve the project. The scope of Health Network is to increase the revenue of the company by increasing the number of hospitals and health networks it serves in all places in the world.
3. Roles and responsibilities
Every company has a design structure that is effective and simplifies management by describing the relationships, roles, levels of authority, responsibilities, hierarchy and reporting lines. The organizational structure allows staff to specialize in their respective departments, deciding the various activities and the responsibilities to be performed within the organization. Departments enhance specialization within a corporation, resulting in more productivity and the gaining of job experience. Most managers within organizations use departments to perform and check company activities, making it easier to collect data. It additionally promotes a sense of authority and responsibility within the organizational structure.
4. Risk management designing techniques
The development of an ideal risk management plan helps to keep simple problems from developing into emergencies. Risk management plans handle the calculation of projects and the way they influence the development of the projects. The plan also evaluates the intensity of the risk and incorporates the answer to the relevant issues (Chan et al., 2016). The risk management plan helps in handling adverse situations when they arise, and in solving them before they arise. A risk management plan positively or negatively influences various locations of the company. Its computation derives from the likelihood of the events as an issue and the impact they would have on the various locations of the organization; the creation of the risk expert report detailing the information regarding the risk management plan provides useful tools for managing and reducing the risks known before and during the project. The risk management plan register documents the risk mitigation methods pursued in response to the known risks and their grading in terms of likelihood and seriousness. The plan provides the project sponsor with a documented structure from which risk status can be reported. It additionally ensures the communication of risk management issues to key stakeholders. It provides the mechanism for seeking and acting on feedback to encourage the involvement of the various key stakeholders. The plans require the implementation of the projects and their associated budgets.
This Risk Management Plan covers the risks, threats and weaknesses of Health Network, Inc. (e.g. Pfizer Inc.) (Health Network).
Risks – Threats – Weaknesses within each domain
Risk management has a few main concepts, which apply to the Pfizer (Pharmacy) Company:
1. Confidentiality, Integrity and Availability (C-I-A) concepts
2. Layered security solutions implemented in the seven domains of the health care infrastructure
3. Common threats for each of the seven domains
4. Impacts on the seven domains
Definition of RISK, THREATS, WEAKNESS
RISK: In the real world, the chance that something happens to an asset (e.g., losing data such as usernames and passwords, losing business after a disaster, failing to comply with laws or regulations).
Threat: Any action that can damage an asset, such as theft, hacking, or fire.
Weakness: A weakness is what allows a threat to take effect and have an impact on an asset (e.g., sharing a username and password with other employees within an organization).
User Domain: RISK, THREATS, WEAKNESS
Lack of user awareness
User apathy toward policies
Employee blackmail or extortion
Disgruntled employee attacks
User violating security policy
User inserting CD/DVD/USB with personal files
User destruction of systems, applications, or data
Spear phishing
Attacks on the organization or acts of sabotage by disgruntled employees
Workstation Domain: RISK, THREATS, WEAKNESS
Unauthorized workstation access
Unauthorized access to systems, applications, and data
Desktop or laptop operating system vulnerabilities
Desktop or laptop application software vulnerabilities or patches
This can extend to other devices that provide access to computing resources
The staff that supports the workstations
Malware
LAN Domain:
Unauthorized physical access to LAN
Unauthorized access to systems, applications, and data
LAN server operating system vulnerabilities
LAN server application software vulnerabilities and software patches
Rogue users on WLANs
Confidentiality of data on WLANs
LAN server configuration guidelines and standards
WAN-to-LAN Domain:
Open, public, and accessible data
Most of the traffic being sent as clear text
Vulnerable to eavesdropping
Vulnerable to malicious attacks
Vulnerable to denial of service (DoS) and distributed denial of service (DDoS) attacks
Vulnerable to corruption of information and data
Insecure Transmission Control Protocol/Internet Protocol (TCP/IP) applications
Hackers and attackers e-mailing Trojans, worms, and malicious software freely and constantly
WAN Domain:
Unauthorized probing and port scanning
Unauthorized access
Internet Protocol (IP) router, firewall, and network appliance operating system vulnerabilities
Local users downloading unknown file types from unknown sources
Remote Access Domain:
Brute-force user ID and password attacks
Multiple logon retries and access control attacks
Unauthorized remote access to IT systems, applications, and data
Confidential data compromised remotely
Data leakage in violation of data classification standards
System/Application Domain:
Unauthorized access to data centers, computer rooms, and wiring closets
Difficult-to-manage servers that require high availability
Server operating systems software vulnerability management
Security required by cloud computing virtual environments
Corrupt or lost data
Compliance Laws and Regulations
There are various company-level risks, the governance around them, and the risk assessment that serves them. Corporate compliance creates and executes the organization's corporate compliance program relative to its roles. The risk management plan is responsible for guaranteeing that compliance with laws, rules, and regulations happens. Corporations and other entities must comply with a number of U.S. and international regulations related to data and privacy, covering the following:
· HIPAA requires health care providers to secure patient data.
· SOX requires companies to provide accurate and reliable financial reports.
· CIPA requires public schools to use and enforce an internet safety policy.
1. Install a firewall system:
· This will limit unauthorized personnel from accessing privileged information.
· This will deter most attempts to gain access to information.
2. Performing necessary testing after changes
· Sometimes, after a major update to any system, loopholes and workarounds to the established security can leave holes. By performing tests you help to mitigate this.
· Penetration testing will expose any faults that may have appeared over time.
3. Identifying connections to the cardholder information
· This is a major step: knowing who can access the information, and how, will lead to tighter security, as some of the biggest breaches in recent memory were simple workarounds using devices that hadn't been thought about before.
4. Reviewing configs on a schedule
· This is VERY important. From a security standpoint, anyone who can get an understanding of your systems' configurations can work around your established protocols for their own use. Besides that, it's good practice to simply be able to make sure nothing is corrupted or not functioning in your code.
5. Change all your default passwords
· This needs to be done; having default passwords for any reason is just begging for an issue, so a good practice is to make sure the password is first randomized, then changed by user input. It's just an added measure of safety to avoid any possible issues.
· Doing this on a regular schedule and forcing members to change passwords on a 6-month basis will help keep information from being leaked.
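As an added example (not part of the Health Network plan), the scheduled configuration review of item 4 can be made mechanical: hash every file in a configuration directory against an approved baseline and report what was modified, removed or added since the last review. The directory, file names and file contents below are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large configs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(config_dir: Path) -> dict:
    """Map every file under config_dir (relative path) to its SHA-256: the approved baseline."""
    return {
        str(path.relative_to(config_dir)): sha256_file(path)
        for path in sorted(config_dir.rglob("*"))
        if path.is_file()
    }


def check_drift(config_dir: Path, baseline: dict) -> dict:
    """Compare the live tree against the baseline; report modified, missing and new files."""
    current = build_baseline(config_dir)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
    }


def demo() -> tuple:
    """Constructed scenario: baseline two config files, then tamper with one and add another."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp)
        (cfg / "firewall.conf").write_text("default deny\nallow tcp 443 from any\n")
        (cfg / "sshd.conf").write_text("PasswordAuthentication no\n")
        baseline = build_baseline(cfg)       # taken at the approved review point
        clean = check_drift(cfg, baseline)   # nothing changed yet: every list is empty
        # Unreviewed changes the next scheduled review should surface (constructed)
        (cfg / "firewall.conf").write_text("default deny\nallow tcp 443 from any\nallow tcp 23 from any\n")
        (cfg / "extra.conf").write_text("debug = true\n")
        drifted = check_drift(cfg, baseline)
        return clean, drifted


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after:", after)
```

In practice the baseline dictionary is written to a file stored outside the reviewed systems, and the drift report is what the scheduled review signs off on.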