Based on the scenario for the Week Two Individual Assignment, determine the risk associated with the vulnerabilities. Use NIST SP 800-30 to calculate the risks for each vulnerability.
Week two scenario below.
Your company is a security service contractor that consults with businesses that are considered “covered entities” under HIPAA in the U.S. who require assistance in their compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.
Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:
- Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database
- Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI
- Vulnerability #3: An unauthorized access to client accounts through the company’s login website via the cracking of weak passwords
The selection of security controls will go into the Security Assessment Plan (SAP) covered in Week Three. The SAP will address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.
The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule (HSR), implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services.
Develop a 10- to 12-slide PowerPoint® presentation, including an introduction and conclusion slide and detailed speaker notes, documenting the risks for each vulnerability to be presented to the leadership of Health Coverage Associates. The presentation should include:
- A description of each of the three vulnerabilities
- An accurate illustration of the NIST SP-30 5×5 matrices
- A description of the Likelihood and Impact with justification of that determination (Very Low, Low, Moderate, High, Very High)
- An illustration of the overall high water mark level of risk (Very Low, Low, Moderate, High, Very High)
- A logical recommendation for mitigation actions, including an explanation of risk tolerance and risk acceptance for the organization
All references need to adhere to APA guidelines
Looking for solution of this Assignment?
WHY CHOOSE US?
We deliver quality original papers
|Our experts write quality original papers using academic databases.|
|We offer our clients multiple free revisions just to ensure you get what you want.|
|All our prices are discounted which makes it affordable to you. Use code FIRST15 to get your discount|
|We deliver papers that are written from scratch to deliver 100% originality. Our papers are free from plagiarism and NO similarity|
|We will deliver your paper on time even on short notice or short deadline, overnight essay or even an urgent essay|