See attached.
A healthcare organization is planning to set up an online collaboration website that will share sensitive patient information between healthcare providers, insurance companies, and patients. This website is accessible via the Internet. The organization is looking for a risk-based approach to this project in order to protect sensitive patient information falling into the wrong hands. The organization also cares about “availability,” as outages will hamper healthcare delivery. Write an essay that evaluates the following:
How will you identify IT risks for the above project? Include details on the importance of partnership with business units for effective risk assessments.
What risks identified above will you rate High, Medium, or Low? Hint: (a) Anything compromising sensitive patient information will be a high risk. (b) A denial-of-service cyber-attack will be a high risk. (Data-Centric Approach to threat modeling)
Recommendations on how sensitive patient health information will be protected based on the risks identified above. An example could be to enforce two-factor authentication for the website.
Recommendations on how you will address the availability requirements with proper business continuity planning.
What role does security awareness and training play in reducing the risks identified above?
The role of legal and regulatory requirements. E.g. HIPAA, Privacy Regulations.
What other recommendations would you make to address the risks identified above?