Policy

CYB/207 v2

Wk 4 – Assignment Template

CYB/205 v2

Page 2 of 2

Create a Risk Registry using the template below to accurately documenting the risk elements form the scenarios that can be used to track issues throughout the project.

Risk Description for Risk Registry	Likelihood	Impact	Risk Owner	Resources Required	Estimated Completion Date
<Briefly describe the risk>	<Low, Medium, or High>	<Low, Medium, or High>	<List department or role>	<List hardware, software, personnel, and/or policy needed>	<Provide a date based on the risk complexity and today’s date>

Using the Assignment Scenario, complete the following worksheet.

Description of Vulnerability	Security Control Number and Name	Security Control Type	System Categorization for Risk Level Impact	Last Assessment Information	Asset	Assessment Method	Policy Alignment
<Describe the vulnerability>	<List the Security Control name and number>	<Common, System-Specific, Hybrid>	<High, moderate, or low>	<Identify any security assessments from the past>	<Describe the asset that will be tested>	<Identify at least one way you can test this asset>	<Indicate what security policy aligns with the asset>

PHI/EPHI Policy Template

Version:

<Indicate the version of the policy, its revision date, and the approver.>

Purpose:

This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal Heal information (EPHI), except as specifically permitted or required by HIPAA regulation.

Scope:

<Describe who this applies to in the organization.>

Policy:

1. <Provide accurate definitions used in the policy, like PHI.>

2. <State how data must be stored (e.g., encrypted).>

3. <Indicate covered entities.>

4. <Indicate the consequences for a confidentiality breach.>

5. <Indicate what standards the policy follows (e.g., NIST SP800-53).>

Copyright 2020 by University of Phoenix. All rights reserved.

Copyright 2020 by University of Phoenix. All rights reserved.