Information Security Risk Assessment Report

Framework and Compliance

Compliance and regulatory frameworks are sets of guidelines and best practices. Organizations follow these guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives. In this benchmark, which aims to bridge the gap between frameworks and compliance, we will focus on Cigna Corp, a medical-based company. One of the significant services offered by the company is managed care. Additionally, the company provides clinical, life, and insurance products (Berg, Kölbel and Rigobon, 2019). The company has more than 150 million clients spread across more than 25 nations around the world. With this customer base, the company is able to apply considerable knowledge covering a person's whole health, leading to better health outcomes.

Cigna's objective is for all business professionals to practice compliance every day while representing the organization. Since it is a medical-based company, the company applies HIPAA regulations. These rules ensure the privacy, security, and accessibility of all e-PHI the company creates, receives, stores, or sends. They also identify and guard against reasonably anticipated threats to the data's security or integrity. HIPAA standards also protect against reasonably anticipated prohibited uses or disclosures. HIPAA regulations must be followed at all times (Wu, Spafford and Zeni, no date). They ensure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public's health and well-being.

It is common practice in most health care facilities, such as hospitals, to maintain patient contact information. A covered health care provider may rely on an individual's informal permission to list in its facility directory the patient's name, general condition, religious affiliation, and location in the provider's facility (Wu, Spafford and Zeni, no date). A covered entity is any health care provider who, regardless of size, electronically transmits health information in connection with certain transactions. A major purpose is to define and limit the circumstances in which an individual's protected health information may be used or disclosed by covered entities.

With a security control framework such as NIST, the Cigna Corp Company can protect patients' data from being accessed by unauthorized individuals. Since the NIST framework is generally a set of rules and best practices that aims to help organizations build and improve their cybersecurity posture, the framework can be used to identify, protect, detect, respond to, and recover critical patient information (Almuhammadi and Alsaleh, 2017). These functions help the medical-based company manage cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from previous activities.

NIST provides guidelines on recommended security controls for information systems at government organizations, such as Cigna Corp Company. NIST publications, many of which are required for federal agencies, for instance, within Cigna Corp Company, can serve as voluntary guidelines and best practices for state, local, and tribal governments and the private sector. The NIST framework may provide sufficient depth and breadth to help organizations (such as Cigna Corp Company) of many sizes select the type of implementation that best fits their unique circumstances (Almuhammadi and Alsaleh, 2017). NIST security standards and guidelines can support the requirements of HIPAA regulations, since organizations can use them to provide a structured yet flexible framework for selecting, specifying, employing, and assessing the security controls in information systems.

References

Almuhammadi, S. and Alsaleh, M. (2017) ‘Information Security Maturity Model for Nist Cyber Security Framework’, pp. 51–62. doi: 10.5121/csit.2017.70305.

Berg, F., Kölbel, J. and Rigobon, R. (2019) ‘Aggregate Confusion: The Divergence of ESG Ratings’, SSRN Electronic Journal. doi: 10.2139/ssrn.3438533.

Wu, R., Spafford, E. H. and Zeni, N. (no date) ‘Towards HIPAA-compliant healthcare systems Related papers’.