Cyber
Bandos051814Need help with a question.
3 years ago
30
files (5)CYB407_v2_Wk3_Assignment_Template.docx
Wk3Assn.docx
CYB407_v2_Wk3_Assignment_Template_Risk.docx
Wk2Assn.docx
CYB407_v2_Wk3_Assignment_Template_Plan.docx
CYB407_v2_Wk3_Assignment_Template.docx
CYB/207 v2
Wk 4 – Assignment Template
CYB/205 v2
Page 2 of 2
PHI/EPHI Policy Template
Version:
<Indicate the version of the policy, its revision date, and the approver.>
Purpose:
This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal Heal information (EPHI), except as specifically permitted or required by HIPAA regulation.
Scope:
<Describe who this applies to in the organization.>
Policy:
1. <Provide accurate definitions used in the policy, like PHI.>
2. <State how data must be stored (e.g., encrypted).>
3. <Indicate covered entities.>
4. <Indicate the consequences for a confidentiality breach.>
5. <Indicate what standards the policy follows (e.g., NIST SP800-53).>
Copyright 2020 by University of Phoenix. All rights reserved.
Wk3Assn.docx
Using the scenario presented in Wk 2 and the templates provided in the resources below, complete the following:
· 1- to 2-page Risk Registry accurately documenting the risk elements from the scenarios that can be used to track issues throughout the project
· 1- to 2-page Security Assessment Plan Worksheet
· 1-page PHI/EPHI Policy ( Note: In Week Five, you will practice writing policies again.)
Resources
· Ch. 2, “IT Risk Assessment,” of CRISC Certified in Risk and Information Systems Control All-in-One Exam Guide.
· Wk 3 Assignment Template Plan
· Wk 3 Assignment Template Risk
CYB407_v2_Wk3_Assignment_Template_Risk.docx
CYB/207 v2
Wk 4 – Assignment Template
CYB/205 v2
Page 2 of 2
Risk Registry
Create a Risk Registry using the template below to accurately documenting the risk elements form the scenarios that can be used to track issues throughout the project.
|
Risk Description for Risk Registry |
Likelihood |
Impact |
Risk Owner |
Resources Required |
Estimated Completion Date |
|
<Briefly describe the risk> |
<Low, Medium, or High> |
<Low, Medium, or High> |
<List department or role> |
<List hardware, software, personnel, and/or policy needed> |
<Provide a date based on the risk complexity and today’s date> |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright 2020 by University of Phoenix. All rights reserved.
Wk2Assn.docx
Complete a 3- to 4-page HIPAA Toolkit worksheet using the template below.
|
Vulnerability Title and Description |
HRS Toolkit Question |
Security Control |
Calculate Risk |
Recommended Mitigation |
|
<Briefly describe the Vulnerability addressed in the Toolkit > |
<List the appropriate HRS Toolkit Question> |
<List the appropriate Security Control> |
<State the results of the NIST SP 800-30 calculation> |
<Describe the mitigation as indicated by the Toolkit> |
|
|
|
|
|
|
|
|
|
|
|
|
Complete the 3- to 4-page Wk 2 Assignment Template.
For each of the three vulnerabilities, complete the following:
· Cross-reference the HSR Toolkit questions to specific security controls within NIST SP 800-53a. (For example, for the Training question within the HSR Toolkit, the corresponding security controls within NIST SP 800-53a would be within the Awareness and Training Control Family (AT).)
· Use NISTSP 800-30 to accurately calculate the risks.
· Correctly describe how each selected question from the HSR Toolkit can help reduce the risks associated with the vulnerability.
· Paste the screenshots into the worksheet.
Cite all references according to APA guidelines.
CYB407_v2_Wk3_Assignment_Template_Plan.docx
CYB/207 v2
Wk 4 – Assignment Template
CYB/205 v2
Page 2 of 2
Security Assessment Plan Worksheet
Using the Assignment Scenario, complete the following worksheet.
Copyright 2020 by University of Phoenix. All rights reserved.
