Cyber

Bandos051814

Need help with a question.

  • 3 years ago
  • 30
files (5)

CYB407_v2_Wk3_Assignment_Template.docx

CYB/207 v2

Wk 4 – Assignment Template

CYB/205 v2

Page 2 of 2

PHI/EPHI Policy Template

Version:

<Indicate the version of the policy, its revision date, and the approver.>

Purpose:

This policy prohibits the use, storage, and disclosure of Personal Health Information (PHI) and Electronic Personal Health Information (EPHI), except as specifically permitted or required by HIPAA regulation.

Scope:

<Describe who this applies to in the organization.>

Policy:

1. <Provide accurate definitions used in the policy, like PHI.>

2. <State how data must be stored (e.g., encrypted).>

3. <Indicate covered entities.>

4. <Indicate the consequences for a confidentiality breach.>

5. <Indicate what standards the policy follows (e.g., NIST SP 800-53).>

Copyright 2020 by University of Phoenix. All rights reserved.

Wk3Assn.docx

Using the scenario presented in Wk 2 and the templates provided in the resources below, complete the following:

· 1- to 2-page Risk Registry accurately documenting the risk elements from the scenarios that can be used to track issues throughout the project

· 1- to 2-page Security Assessment Plan Worksheet

· 1-page PHI/EPHI Policy (Note: In Week Five, you will practice writing policies again.)

Resources

· Ch. 2, “IT Risk Assessment,” of CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide.

· Wk 3 Assignment Template

· Wk 3 Assignment Template Plan

· Wk 3 Assignment Template Risk

CYB407_v2_Wk3_Assignment_Template_Risk.docx

Risk Registry

Create a Risk Registry using the template below to accurately document the risk elements from the scenarios that can be used to track issues throughout the project.

| Risk Description for Risk Registry | Likelihood | Impact | Risk Owner | Resources Required | Estimated Completion Date |
| --- | --- | --- | --- | --- | --- |
| <Briefly describe the risk> | <Low, Medium, or High> | <Low, Medium, or High> | <List department or role> | <List hardware, software, personnel, and/or policy needed> | <Provide a date based on the risk complexity and today’s date> |

Wk2Assn.docx

Complete a 3- to 4-page HIPAA Toolkit worksheet using the template below.

| Vulnerability Title and Description | HSR Toolkit Question | Security Control | Calculate Risk | Recommended Mitigation |
| --- | --- | --- | --- | --- |
| <Briefly describe the Vulnerability addressed in the Toolkit> | <List the appropriate HSR Toolkit Question> | <List the appropriate Security Control> | <State the results of the NIST SP 800-30 calculation> | <Describe the mitigation as indicated by the Toolkit> |

Complete the 3- to 4-page Wk 2 Assignment Template.

For each of the three vulnerabilities, complete the following:

· Cross-reference the HSR Toolkit questions to specific security controls within NIST SP 800-53a. (For example, for the Training question within the HSR Toolkit, the corresponding security controls within NIST SP 800-53a would be within the Awareness and Training Control Family (AT).)

· Use NIST SP 800-30 to accurately calculate the risks.

· Correctly describe how each selected question from the HSR Toolkit can help reduce the risks associated with the vulnerability.

· Paste the screenshots into the worksheet.

Cite all references according to APA guidelines.

CYB407_v2_Wk3_Assignment_Template_Plan.docx

Security Assessment Plan Worksheet

Using the Assignment Scenario, complete the following worksheet.

| Description of Vulnerability | Security Control Number and Name | Security Control Type | System Categorization for Risk Level Impact | Last Assessment Information | Asset | Assessment Method | Policy Alignment |
| --- | --- | --- | --- | --- | --- | --- | --- |
| <Describe the vulnerability> | <List the Security Control name and number> | <Common, System-Specific, Hybrid> | <High, moderate, or low> | <Identify any security assessments from the past> | <Describe the asset that will be tested> | <Identify at least one way you can test this asset> | <Indicate what security policy aligns with the asset> |
