Risk Management Project Part 5
yjagarlamudi
RiskManagementProjectPart3.docxRisk Management Plan 2
2
Project Part 3: Risk Management Plan
Yogesh Jagarlamudi
Executive MSIT
University of the Cumberland’s
Summer 2021 - Info Security & Risk Mgmt (ISOL-533-A03)
Date:05/25/2021
Introduction
Health Network Inc. refers to an agency that provides health coverage to individuals; however, the organization's risk control strategy is out of date. As an IT staff member of this company, I was tasked to create a new risk management strategy for the agency. The aim of designing the risk management strategy is to recognize any of the possible risks for the organization. This strategy would include an assessment of all threats that have already been detected and actions or procedures to mitigate all the defined risks. The plan will be periodically updated, particularly after each year, to detect any possible new threats.
Discussion
This is the Health Network Inc. Risk Mitigation Plan (HNP), a company based in Minneapolis, Minnesota offering fake health care. The company has more than 600 employees and earns about $500 annually. The company has additional offices in Virginia, Portland, Arlington and Oregon, providing further data center operative assistance, with development frameworks being located and managed by contracted third-party data hosting providers. It consists of three key products: HNetPay, HNetExchange and HNetConnect. HNetExchange processes all electronic security medical messages from customers which make it the main source of income for the company. HNetConnect comprises of addresses for physicians, contact records, medical credentials and other doctor and clinic facilities (Srivastava, et al. 2021). HNetConnect is used to allow health network customers to determine the correct kind of healthcare at the right place. HNetPay is an online interface used to approve multiple payment formats and communicates with credit card processing companies to facilitate accurate handling of secured billing and payments. After evaluating the latest risk management strategy, the following risks were identified;
· Internal menaces
· Internet threats due to links to goods of the company on the internet
· Customer loss due to outages in supply due to various incidents such as changes in ownership, natural hazards, unstable applications, etc.
· Loss of company records when the technology was withdrawn from manufacturing processes.
This risk management strategy is designed specifically for the provision of strategies used to manage and monitor different threats within the company. It is essential for any organization to develop a Risk Management Strategy since, in the event that the risks are not considered by the company, it is difficult for the organization to accomplish its aims and objectives, whether those risks are encountered. The organization can experience more risks, the more patients the company receives. Therefore, the organization would have the strongest safety systems. Both detected hazards will be addressed within the necessary time and expense.
Scope
Risk assessment strategy must be developed on the basis of the risks found during the review phase. Both risks and weaknesses will be reviewed to identify the variety of project outcomes of this company. Qualifications may be used to assess which risks are the top threats and which threats this medical company may disregard. We will use what method to classify the risks – whether problems are analyzed. These concerns attempt to ask what was wrong with the company and what are the implications in the wrong course. This technique is a brainstorming exercise that is normally done by those who meet and know the operations, fields, roles and structures of the health network businesses that subject them to dangerous situations and incidents. Some steps that the Health Network should take to handle and deter risks are as follows:
The Implementation of contingency plan — To investigate what was missing in a tragedy — to replicate replacement of servers — to install temperature gage alarms, smoking detectors and manual triggers — to call for insurance claimants — to train all fire protection personnel — to install water sprinklers, CO2 fire extinguishing devices and fire-resistant products.
Regulation and laws compliance
Through the details given in the example, the Health Network works to comply with and regulate what the risk management process calls for. If the risk assessment framework is not well developed, this company would have to track and describe the risk analysis approach and identify individuals who should be interested, delegate them duties and positions, and distribute resources within the whole firm well (Sloot, et al. 2019). Health Network, Inc. is controlled by wireless charging and responsibility of health insurance (HIPAA). Monitor costs for Health Network amount to $2400.
The benefits projected are based on the losses suffered after management of the pre-control failure = 2000000$ - 200000$ = 1980000$.
In that case management worth is the value of the gains expected less the expense of control = 1980 $- 2400 $ = 1977,600 $.
Responsibilities and roles
All in the health network should be mindful of the risks and weaknesses in the data and knowledge it manages. If an individual is fully aware of the tasks and obligations of the team, it becomes the responsibility of the whole team to take care of the risks and identify the most important risk factors. Following the identification of risks, the high authority is informed of the measures to be implemented to prevent any disruption in the future. Those people who interact with the Risk Management Plan are:
— Chief Operating Officer — Chief executive director — Data customer and shareholders — Chief finance officer — Auditors — Human capital consultant — Firm's legal department — − Industry relevant management Firm's legal department.
Auditors
This are the performance drivers that enable Health Network, Inc. to successfully administer all treatments.
1. Identifying. In the risk assessment phase, effective detection of risks and properties plays an important function. Therefore, it is essential for the company to collect data from all individuals in all divisions to deter attacks during the initial phase (Laguado, et al. 2021).
2. Proactive. 2. Health Network, Inc. should guarantee that the method of risk assessment is strategic and not reactive. This helps it manage, recognize, evaluate and record its risks. A constructive strategy would often aim to prevent expensive disciplinary actions.
3. Basic maintenance of the risk control strategy.
4. Training of all people in the business
Plan
Threat: Hardware removal from the production system Risk: lack of knowledge and data of the company. Weakness: processes used in controlling access cannot monitor positions of different equipment used in different locations. This prevents the hardware from hacking as used outside the knowledge Centre.
Threat: Loosening the company details when property of a business has been hacked, including computers and cell devices. Risk: loss of data and knowledge of the company. Weakness: not configured apps on mobile devices to lock the machine when a failure is reported.
Threat: outages triggered by incidents such as faulty devices and applications, administration of transition, natural disasters, among others. Risk: lack of customers resulting in lower revenues. Weakness: UPS frameworks not involved in securing different frameworks from development interruptions.
Threat: Internet risks since goods from the Health Network are normally accessible through the internet. Risk: damage to company records by cyber criminals due to the destruction of critical information used during operations. Weakness: Protocols and firewalls that have not been upgraded or activated to protect different frameworks from unauthorized entry (Garg, et al. 2020).
Threat: Risks internally. Risk: Personal documents and knowledge destroyed by the company.
Weakness: Former employees, consultants and other external persons with access to information; inadequate control of the existing employees and access to unwanted information and records.
Threat: Negative shifts in the compliance and regulatory environment that might adjust the health network company's activities. Risk: customer failure and income reduction. Weakness: Management mechanisms shift and result in insufficiency as regulatory reforms are treated.
Conclusion
Finally, knowledge gathered from the risk assessments of an enterprise allows risk managers to conduct a cost-benefit analysis Risk management guides organization in relation to operations or steps, as well as strategies to fight attacks in addition to managing risks. It enabled the organizations to take the requisite precautions to avoid failure before loss occurred.
References
Garg, C. V., & Sam, A. (2020). Engagement of national cadet corps (NCC) cadets in disaster risk mitigation under pandemic COVID-19: A case study of Tamilnadu, Puducherry and Andaman & Nicobar Islands. IMPACT: International Journal of Research in Applied, Natural and Social Sciences (IMPACT: IJRANSS), 8, 15-24.
Laguado, S. A., Steavenson, R., & Mehvar, M. (2021). Areas of improvement in suicide risk identification, assessment, and risk mitigation documentation by mental health prescribers at a Veterans Affairs Health Care System. Administration and Policy in Mental Health and Mental Health Services Research, 1-6.
Srivastava, P., Alrasheedi, M., Badar, M. A., & Gupta, R. (2021). Risk Mitigation of SGU in Sugar Plant Using Fuzzy Digraph and Matrix Approach. In Reliability and Risk Modeling of Engineering Systems (pp. 89-106). Springer, Cham.
Sloot, R. N. F., Heutink, A., & Voordijk, J. T. (2019). Assessing usefulness of 4D BIM tools in risk mitigation strategies. Automation in construction, 106, 102881.
