Cyber
Bandos051814Need help with a question.
3 years ago
30
files (1)Wk2407.docx
Wk2407.docx
Assignment Content
1.
Top of Form
Read the Assignment Scenario document. (Attached)
Part 1 – Lab (Omit. Screenshots attached)
Navigate to the uCertify HIPAA Lab by using the access link below this assignment in the Wk 2 folder. Directions for navigating the HSR Toolkit are provided in the lab.
Follow the instructions for choosing specific security controls to address the listed vulnerabilities.
Take screenshots from the HSR Toolkit for your responses to the selected security control questions within the HSR Toolkit. You will submit the screenshots along with the worksheet.
Part 2 – Worksheet
Complete the 3- to 4-page Wk 2 Assignment Template . (Attached)
For each of the three vulnerabilities, complete the following:
· Cross-reference the HSR Toolkit questions to specific security controls within NIST SP 800-53a . (For example, for the Training question within the HSR Toolkit, the corresponding security controls within NIST SP 800-53a would be within the Awareness and Training Control Family (AT).)
· Use NISTSP 800-30 to accurately calculate the risks.
· Correctly describe how each selected question from the HSR Toolkit can help reduce the risks associated with the vulnerability.
· Paste the screenshots into the worksheet.
Cite all references according to APA guidelines.
Assignment Scenario
Your company is a security service contractor that consults with businesses that are considered “covered entities” under HIPAA in the U.S. who require assistance in compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.
Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:
· Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database
· Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI
· Vulnerability #3: An unauthorized access to client accounts through the company’s login website via the cracking of weak passwords
The selection of security controls will go into the Security Assessment Plan (SAP) covered in Week Three. The SAP will address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.
The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule (HSR), implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services.
This scenario will be used in subsequent weeks of the course.
Wk 2 – Assignment Template
HIPAA Security Rule (HRS) Toolkit Worksheet
Complete a 3- to 4-page HIPAA Toolkit worksheet using the template below.
|
Vulnerability Title and Description |
HRS Toolkit Question |
Security Control |
Calculate Risk |
Recommended Mitigation |
|
<Briefly describe the Vulnerability addressed in the Toolkit > |
<List the appropriate HRS Toolkit Question> |
<List the appropriate Security Control> |
<State the results of the NIST SP 800-30 calculation> |
<Describe the mitigation as indicated by the Toolkit> |
|
|
|
|
|
|
|
|
|
|
|
|
image1.png
image2.png
image3.png
image4.png
image5.png
image6.png
image7.png
Wk2407.docx
Assignment Content
1.
Top of Form
Read the Assignment Scenario document. (Attached)
Part 1 – Lab (Omit. Screenshots attached)
Navigate to the uCertify HIPAA Lab by using the access link below this assignment in the Wk 2 folder. Directions for navigating the HSR Toolkit are provided in the lab.
Follow the instructions for choosing specific security controls to address the listed vulnerabilities.
Take screenshots from the HSR Toolkit for your responses to the selected security control questions within the HSR Toolkit. You will submit the screenshots along with the worksheet.
Part 2 – Worksheet
Complete the 3- to 4-page Wk 2 Assignment Template . (Attached)
For each of the three vulnerabilities, complete the following:
· Cross-reference the HSR Toolkit questions to specific security controls within NIST SP 800-53a . (For example, for the Training question within the HSR Toolkit, the corresponding security controls within NIST SP 800-53a would be within the Awareness and Training Control Family (AT).)
· Use NISTSP 800-30 to accurately calculate the risks.
· Correctly describe how each selected question from the HSR Toolkit can help reduce the risks associated with the vulnerability.
· Paste the screenshots into the worksheet.
Cite all references according to APA guidelines.
Assignment Scenario
Your company is a security service contractor that consults with businesses that are considered “covered entities” under HIPAA in the U.S. who require assistance in compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.
Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:
· Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database
· Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI
· Vulnerability #3: An unauthorized access to client accounts through the company’s login website via the cracking of weak passwords
The selection of security controls will go into the Security Assessment Plan (SAP) covered in Week Three. The SAP will address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.
The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule (HSR), implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services.
This scenario will be used in subsequent weeks of the course.
Wk 2 – Assignment Template
HIPAA Security Rule (HRS) Toolkit Worksheet
Complete a 3- to 4-page HIPAA Toolkit worksheet using the template below.
|
Vulnerability Title and Description |
HRS Toolkit Question |
Security Control |
Calculate Risk |
Recommended Mitigation |
|
<Briefly describe the Vulnerability addressed in the Toolkit > |
<List the appropriate HRS Toolkit Question> |
<List the appropriate Security Control> |
<State the results of the NIST SP 800-30 calculation> |
<Describe the mitigation as indicated by the Toolkit> |
|
|
|
|
|
|
|
|
|
|
|
|
image1.png
image2.png
image3.png
image4.png
image5.png
image6.png
image7.png
- XMGT 216 Week 3 CheckPoint Ethics Awareness Inventory
- Professor Anthony
- Perceptual process for hearing
- STEREOTYPES
- I need a power point presentation 20-25 slides
- Matlab
- QNT 561 Week 5 Quiz 1st Attempt
- QNT 561 BlackBerry Research part one (Final draft)
- QNT 351 Week 1, Individual Assignment - Statistics in Business
- POL 443 Week 5 Assignment Public Policy Influences Paper
