Healthcare Information Security Risk Analysis
In addition to the health care risk posed by the current COVID-19 pandemic, significant cyber and information security threats are increasing. These global threats impact organizations and individuals. You have been asked to research the top security threats and attack methods related to COVID-19 that are targeted at health care organizations, employees, and patients. This risk analysis, prepared for a potential client, will include a risk register.
Create a risk analysis for a potential health care organization. To prepare your risk analysis, complete the Risk Register template (Attached) by identifying the top 5 health care information security threats and attack methods related to the pandemic based on research from at least two peer-reviewed journal articles.
Write a 2-3 page narrative of your findings that could be presented to the CIO of a health care organization. The goal is to raise executive awareness resulting in improved executive decision-making, implementation of recommendations, identification of opportunities, and allocation of resources for security. Include your risk register in your narrative, and do the following:
- Describe the focus of analysis, including the systems that are used.
- Justify your risk ranking of the top five threats.
- Analyze the resource requirements and relationships to other processes.
- Recommend organizational and security-related actions that would eliminate or mitigate the risk and impact on the organization.
- Discuss any opportunities created by the presence of the risk.
- Summarize your key findings.
Format your citations per APA guidelines.
Submit your narrative.
1. The introduction set a context for the narrative, but did not directly state the focus on the risk analysis narrative, and I did not locate any discussion of the types of information systems used in the healthcare setting.
2. The Risk Ranking section provided a justification for the top 2 risks identified in the risk register, but didn’t address the justification for the other three. Add material to that section to justify the remaining 3 of the top five risks.
3. The section about resources discussed why resources were necessary. What specific resources will mitigate the risks. Consider human resources/personnel, hardware, software, and budget. In addition, what is the relationship of these 5 risks to other processes in the organization, such as legal & operational processes, disaster recovery, continuity planning, etc.?
4.There were several good recommendations. To improve this section further, connect these recommendations to the risks you identified–how do these recommendations mitigate each of the five risks?
5.Opportunities were identified and described. As with the criterion above, connect the identified opportunities to the identified risks. How do the five risks create the identified opportunities.