Cybersecurity program


Running Head: CYBERSECURITY FRAMEWORK 1


Student Name

School NAME

Date

TABLE OF CONTENTS

1.0 INTRODUCTION

2.0 ORGANISATIONAL OBJECTIVES AND PRIORITIES

3.0 CURRENT RISK MANAGEMENT

4.0 THREAT ENVIRONMENTS

5.0 LEGAL AND REGULATORY REQUIREMENTS

6.0 MISSION

7.0 OBJECTIVES

8.0 CONSTRAINTS USING THE HIPAA FRAMEWORK

8.0.1 COMMON DECISION WORKFLOW

9.0 FUTURE CYBERSECURITY POLICIES

10.0 OPERATIONAL COMPLIANCE AND RISK ASSESSMENT

10.0.1 ORGANIZATIONAL RISK ASSESSMENT CHART

11.0 PRIVACY RISK MANAGEMENT

11.0.1 WEB PORTAL DATA FLOW DIAGRAM

12.0 REFERENCES

Introduction

In this assignment, I will assess a healthcare facility's cybersecurity framework to identify and close the gap between the facility's current cybersecurity posture and its target posture. The assessment will adhere to the Health Insurance Portability and Accountability Act (HIPAA) regulations (Allodi & Massacci, 2017). This framework is vital because it gives the facility national standards for protecting patients' medical records and other protected health information. HIPAA also applies to health plans, clearinghouses, and healthcare providers and practitioners who perform certain healthcare transactions electronically.

Organizational Objectives and Priorities

According to the facility's Information Technology personnel, the organization had already implemented a security framework in line with the HIPAA Privacy Rule (Allodi & Massacci, 2017). The framework gave the facility security guidelines, standards, and best practices for managing cyber threats. The confidentiality, integrity, and availability of patients', practitioners', and physicians' personal health information are protected against threats such as malware, phishing, and viruses, and that information is shared only when there is a justifiable reason to do so.

However, the facility did experience a network outage caused by a security incident. This shows that the facility was unable to detect and mitigate malicious activity in time (Allodi & Massacci, 2017).

Current risk management: To manage these risks, the facility communicates effectively with all of its stakeholders and involves them in building awareness of cyber risk. It has implemented clear risk management policies that define the roles and responsibilities of every individual in the organization (Allodi & Massacci, 2017), and it has established a continuous risk monitoring process to confirm that its mitigation efforts are working.

Threat environments: the threat environment comprises every place where attackers can conduct malicious activity against the facility: its networks, devices, processes, data at rest and in transit, services, and systems.

Legal and regulatory requirements: The facility's cybersecurity obligations fall under the HIPAA rules. The facility has been following all of the security rules and meeting their requirements (Allodi & Massacci, 2017).

Mission: to provide quality care with excellence in service and access

Objectives: to ensure quality healthcare is provided to all citizens

Constraints using the HIPAA framework: Constraints encountered with this framework include weak enforcement, the extra staff needed to keep up with HIPAA requirements, the fact that patient consent is not required for disclosures made for payment, and the absence of a private right of action, which means patients cannot sue organizations for HIPAA violations (Allodi & Massacci, 2017).

Fig 1: common decision workflow

Future cybersecurity policies

To keep cyber threats to a minimum, the facility must implement strong cybersecurity policies that help every stakeholder understand how to keep data and applications secure (Gellert, 2015). To comply with HIPAA, the facility must adopt policies that combat abuse, fraud, and waste in health insurance and healthcare delivery. HIPAA's portability provisions, which preserve health insurance coverage for workers who lose or change their jobs, must also be honored. Above all, the facility must implement policies that protect patients' protected health information (PHI) and ensure that patients' rights are not violated.

Operational Compliance and Risk Assessment

The most likely cybersecurity risks in this facility are malware and ransomware. Malware causes unusual system behavior such as denying access to programs, deleting files, and stealing information about patients or other stakeholders in the facility. Ransomware, once installed on a user's system, encrypts data and disrupts programs, blocking access until a ransom is paid. Both risks result in access to patient information without the patient's consent (Gellert, 2015).

The systems are also exposed to internal threats: current or former employees who misuse or retain access, and who may introduce viruses, hack systems from inside the network, or exploit weaknesses in the facility's cloud computing services. External threats include ransomware and malware, and a proactive approach is the best defense against them: install anti-malware and anti-ransomware software to reduce the risk. To minimize both kinds of risk, the facility should enforce strong passwords, monitor user behavior, implement identity and access control, and require multifactor authentication (Gellert, 2015).

Fig 2: organizational risk assessment chart

Privacy risk management:

To integrate privacy laws and regulations, the facility must maintain an up-to-date, keen awareness of how to comply with the policies at every level of its organizational workflow, systems, tools, and processes (Gellert, 2015). It needs legal counsel who understands its operations and can balance them against the applicable privacy laws at the right levels. Internal and external audits should be conducted to maintain a consistent measure of cyber risk; these audits evaluate specific characteristics of the facility against HIPAA standards and policies.

The gap analysis used to identify security elements and variables is a risk assessment. This process identifies which risks pose the greatest threat to the organization.

Fig 3: web portal data flow diagram

In the web portal shown above, cyber risks will be handled in accordance with HIPAA. Staff will be trained so that they understand their roles in keeping the organization's systems and servers secure from cyber threats. Controlled system access will also be implemented to regulate who and what can view or use resources in the facility's computing environment (Gellert, 2015).
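The following is an added worked example, not code from the paper or from the facility's portal, of the two controls the preceding sections call for: deny-by-default access control for patient records (role permission, multifactor authentication, and a minimum-necessary check that clinical staff only open charts of patients assigned to them), with every decision written to an audit log, and a simple user-behavior check over that log. The role names, permission strings, thresholds, user accounts and patient identifiers are all constructed for illustration; the paper names none of them.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed role model for the portal. The paper names no roles; these three
# and their permissions are hypothetical. Anything not listed is denied.
ROLE_PERMISSIONS = {
    "physician": {"phi:read", "phi:write"},
    "nurse": {"phi:read"},
    "billing": {"billing:read"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    mfa_verified: bool            # the session completed multifactor authentication
    assigned_patients: frozenset  # patients this user is currently treating


@dataclass
class Portal:
    audit_log: list = field(default_factory=list)

    def authorize(self, user: User, action: str, patient_id: str) -> bool:
        """Deny-by-default access decision. Every attempt, allowed or not,
        is written to the audit log so it can be reviewed later."""
        if not user.mfa_verified:
            reason = "mfa-required"
        elif action not in ROLE_PERMISSIONS.get(user.role, set()):
            reason = "role-not-permitted"
        elif action.startswith("phi:") and patient_id not in user.assigned_patients:
            # Minimum-necessary rule: clinical staff see only their own patients.
            reason = "patient-not-assigned"
        else:
            reason = "ok"
        self.audit_log.append({
            "user": user.name, "role": user.role, "action": action,
            "patient": patient_id, "allowed": reason == "ok", "reason": reason,
        })
        return reason == "ok"


def flag_unusual_users(audit_log, max_denied=3, max_patients=5):
    """User-behavior check over the audit log. Flags accounts with repeated
    denials (probing for records they are not entitled to) or successful reads
    across an unusually large number of patients (possible bulk collection,
    even when each read was individually permitted). Thresholds are illustrative."""
    denied = defaultdict(int)
    patients = defaultdict(set)
    for entry in audit_log:
        if entry["allowed"]:
            patients[entry["user"]].add(entry["patient"])
        else:
            denied[entry["user"]] += 1
    flags = {}
    for user in sorted(set(denied) | set(patients)):
        reasons = []
        if denied[user] >= max_denied:
            reasons.append(f"{denied[user]} denied attempts")
        if len(patients[user]) > max_patients:
            reasons.append(f"read {len(patients[user])} distinct patients")
        if reasons:
            flags[user] = reasons
    return flags


def demo():
    """Constructed scenario (not real facility data): a nurse acting within
    scope, a session without MFA, a billing clerk probing clinical records,
    and a physician reading far more charts than usual."""
    portal = Portal()
    nurse = User("nurse1", "nurse", True, frozenset({"P001", "P002"}))
    no_mfa = User("nurse2", "nurse", False, frozenset({"P003"}))
    clerk = User("clerk1", "billing", True, frozenset())
    doc = User("dr1", "physician", True,
               frozenset(f"P{n:03d}" for n in range(1, 9)))

    portal.authorize(nurse, "phi:read", "P001")       # allowed
    portal.authorize(nurse, "phi:write", "P001")      # denied: nurses cannot write
    portal.authorize(nurse, "phi:read", "P007")       # denied: not her patient
    portal.authorize(no_mfa, "phi:read", "P003")      # denied: no MFA
    for pid in ("P001", "P002", "P003", "P004"):
        portal.authorize(clerk, "phi:read", pid)      # denied x4: probing PHI
    portal.authorize(clerk, "billing:read", "P001")   # allowed: billing is unscoped here
    for pid in sorted(doc.assigned_patients):
        portal.authorize(doc, "phi:read", pid)        # allowed x8, but unusual volume

    return portal, flag_unusual_users(portal.audit_log)


if __name__ == "__main__":
    portal, flags = demo()
    for entry in portal.audit_log:
        print(entry)
    print("flagged:", flags)
```

The point of logging denied attempts as well as allowed ones is that the billing clerk never reads a single clinical record, yet the pattern of four refusals is exactly what an audit reviewer would want surfaced; conversely, the physician's reads are each permitted and only the volume is unusual, which is why the behavior check runs on the log rather than being folded into the authorization decision.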

References

Allodi, L., & Massacci, F. (2017). Security events and vulnerability data for cybersecurity risk estimation. Risk Analysis, 37(8), 1606-1627.

Butman, S. (2014). HIPPA for the interventional cardiologist. Catheterization and Cardiovascular Interventions, 83(4), 528-529.

Gellert, R. (2015). Data protection: a risk regulation? Between the risk management of everything and the precautionary alternative. International Data Privacy Law, 5(1), 3-19.