Mitigate risk by using information security systems policies
Computer Network Security
Scenario
You work for a large, private health care organization that has server,
mainframe, and RSA user access. For the third week in a row, Sean comes into
your office at 5:00 p.m. on Friday and needs you to write a report describing
some of the risks associated with not having all the security items in place.
He needs you to research a generic risk management policy template and use
that as a starting point to move forward. He also asked you to search for risk
outcome examples from organizations similar to theirs.
You realize that your organization does not have much in the way of an
information security strategy, and is missing many of what you think are
critical components. Your organization is compliant with the Health Insurance
Portability and Accountability Act (HIPAA) and follows other external
compliance requirements.
Assignment Requirements
Research templates, and look for risk outcome examples from organizations of a
similar type as your organization. Write a report identifying the risks
associated with the current position your organization is in, and how your
organization can mitigate risk by using information security systems policies.
Include an introduction explaining the following: Who? What? When? Why? Be
sure to add a conclusion with a rationale detailing how risks can be
mitigated. Reference your research so that Sean may add or refine this report
before submission to senior management.
