Info Security & Risk Mgmt
Running Head: Risk Assessment Plan 1
5
Risk Assessment Plan
Risk Assessment Plan
Vamsi Tumati
University of the Cumberlands
Dr. DeShea Simon-Simpson
5/18/2021
Risk Assessment Approaches
Various approaches can be used in risk assessment. The qualitative risk assessment is where one uses personal judgment to assess the weight of certain risks in an organization. The quantitative risk assessment approach is where the risks are measured using mathematical tools and techniques. This plan creates a qualitative risk assessment plan to help in managing risks in Health Network.
Qualitative risk assessment Plan
1. Identification of risks- this involves the process of identifying the risks that are within a particular organization through looking at the operations and the performance of a business.
2. Risk analysis- this involves looking deeply into risks to understand the scope of risk and how a risk might be connected to other elements in a business.
3. Risk evaluation- this involves looking at how severe risks are to see what risks need to be controlled and those that the organization can do nothing about them (Samimi, 2020). The segment explains and ranks the risks in a business according to the weight and impact of the risks.
Introduction
This report is the risk assessment plan for Health Network which includes the scope of the assessment, data centers, activities, controls, threats, and vulnerabilities. The risk assessment plan will also propose a plan which will be used in the risk assessment in the organization. The plan is meant to give a detailed explanation of how the organization can determine the value of the different threats and vulnerabilities affecting the organization (Hopkin, 2018). The plan is important because it will be used by HN to come up with a plan to help in dealing with the risks and lowering their impacts.
Scope and boundaries of risk assessment
The process of risk assessment will involve looking at the various data centers to determine the threats and vulnerabilities in the data centers. The assessment will also involve ranking the risks according to the probabilities of occurrence and also the impact and severity of the risks should they occur (Callahan, & Soileau, 2017). The assessment will determine what part of the organization will be harmed in the occurrence of the risks and how they will be harmed. The assessment should be monitored to ensure that it works as desired and produces the best outcomes.
Datacenter assets and activities
The risk assessment will look into the following areas in the business entity-:
1. Production data centers- The data center contains all the critical applications and databases which are used in the day-to-day operations of HN (Hopkin, 2018). The centers will need to be assessed to ensure that there is no access by unwanted third parties that would compromise the quality of operations.
2. HNet pay- the service is responsible for the facilitation of payments within the organization, and it will be assessed to ensure that the payments are safe and secured to ensure that the business does not incur losses.
3. Mobile devices and laptops- the devices contain very important information about the facility and assessment will help determine if there are any risks of losing crucial company information to third parties and malicious individuals.
4. HNet connect- the directory contains personal information of doctors and thus needs to be assessed to ensure that the information is secure, and the information does not get into the wrong hands.
Threats and vulnerabilities
There are many threats and vulnerabilities within Health Network. They include- :
1. Loss of company data and information- the information of the company could get lost if the mobile devices and the laptops get stolen or accessed by outsiders. Phishing and malware attempts can also tamper with and access the information of the organization (Samimi, 2020). Additionally, the information can also get lost if the company hardware is removed from the production systems of an organization.
2. Loss of customers due to production outage- there are many risks of occurrence of natural disasters such as floods, fires, and earthquakes which can damage the machinery and the assets in the organization. this can disrupt the production process in the organization.
3. Loss of customers to other healthcare facilities- there is a chance that the organization could lose some of the clients to competitors who might be offering lower prices or better quality of services for its customers.
4. Internet threats- the company is accessible over the internet and thus the organization is exposed to risks such as malware, viruses, spam, spyware among others (Tupa et al., 2017).
5. Changes in regulations- the laws and policies that govern the organization could change and this will hugely affect the organization.
Controls to be assessed
Many controls have been put into place to ensure efficiency in the organization. the controls which need to be assessed during the assessment include-:
1. Access controls- the controls help in ensuring that the people who access the organization and its information are who they claim to be. The controls will be assessed to see how accurate and effective they are.
2. Concurrent controls- the controls monitor the consistency of the employee performance with set quality standards. The controls need to be assessed to see whether they are working as desired and produce the desired output.
3. Strategic controls- they will be assessed to find out any threats that would impact the ability to evaluate the plans of HN and come up with plans for the organization.
Roles and responsibilities
The following individuals and departments will be involved in the risk assessment process. Each of the departments and the employees will have different roles in the process.
1. Employer- the employer who is HN has many roles in the assessment process. The first role is to select the people who be involved in the process and also ensure that they are competent enough for the process.
2. Assessors- will be responsible for conducting the process of risk assessment and ranking the risks and proposing a schedule to help with the mitigation of risks (Tupa et al., 2017).
3. Staff- the staff of HN will help in the assessment and also help in the identification of perceived risks in the organization.
4. Risk manager- responsible for the proposal of the methodology to be used in assessing the impact of the various risks in the organization.
Proposed schedule
The following is a schedule that can help HN assess the risks in the organization-:
1. Identification- at this stage HN employees, the risk management team, and other stakeholders should identify the risks and vulnerabilities within the organization.
2. Define the impact of risks- the risks should be linked to who they will harm and what harm they will cause the business if they occur.
3. Ranking and evaluation- the risks should be evaluated to see what impact they have and rank them accordingly.
4. Recording of findings – record the probabilities and the risks.
5. Review the assessment to ensure that it works and see what changes need to be made.
References
Callahan, C., & Soileau, J. (2017). Does enterprise risk management enhance operating performance? Advances in accounting, 37, 122-139.
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers.
Samimi, A. (2020). Risk Management in Information Technology. Progress in Chemical and Biochemical Research, 130-134.
Tupa, J., Simota, J., & Steiner, F. (2017). Aspects of risk management implementation for Industry 4.0. Procedia manufacturing, 11, 1223-1230.