Mystar Hospice Risk Mgmt Plan Essay Example
Mystar Hospice Risk Mgmt Plan Essay Example

Mystar Hospice Risk Mgmt Plan Essay Example

Available Only on StudyHippo
  • Pages: 3 (676 words)
  • Published: May 26, 2018
  • Type: Essay
View Entire Sample
Text preview

The agreement between Stronghold Securities and Mystery Hospice Care outlines the project's scope for calculating telecommunication upgrades, new network hardware and software upgrades, and executing security measures and programs for managers, network administrators, and security managers. To secure the integrity of the network, company interests, and peace of mind for current and future stakeholders, a security program will also be implemented. Currently, Mystery Hospice Care's network infrastructure relies on outdated technology that can easily be compromised by outside attackers or those within the organization. The security policy's components and a list of server controls will be briefly documented, along with an assessment of the client organization's operational security. The assessment has identified significant application security vulnerabilities that need addressing. There is no standard for security management.

In order to maintain consistent

...

security controls throughout Mystery Hospice Care, it is recommended that existing security standards such as ISO 17799 be evaluated and modified for use within the company. Personnel should be informed and trained on the use of this standard and information systems and procedures should be audited to ensure compliance. There are several types of computer incidents which may require Incident Response Team activation, including breach of personal information, denial of service, excessive port scans, firewall breaches, and virus outbreaks. To address physical security vulnerabilities, a list has been compiled which includes vulnerabilities related to the building, security perimeter, and server rooms. The building group pertains to vulnerabilities within the office of Mystery Hospice Care. The security perimeter group includes vulnerabilities related to the exterior office windows, doors, alarm system and surrounding area. The server room group is specific to any rooms that contai

View entire sample
Join StudyHippo to see entire essay

server equipment.

The building has vulnerabilities as several key doors are unlocked or can be forced open. This includes important doors within the interior office area, the utility room door with no lock, the modem pool room that is usually open and unlocked, and the system administrators office that is also usually unlocked and open. This poses a risk as valuable assets of Mystery Hospice Care can be stolen and/or destroyed with minimal effort from a determined attacker, thief, or disgruntled employee. It is recommended to replace current doors with stronger fire doors, replace existing door hardware with high security locks, and weld exterior hinge pins in place. To manage risks, a risk management plan should be periodically updated and expanded throughout the project life cycle or life of the company in order to identify and evaluate any potential risks. Stronghold Securities can assist in identifying risks and outlining mitigation actions.

The absence of an entryway access control system in a security perimeter can lead to vulnerabilities where unauthorized personnel can gain access without restriction. An effective system would require authorized personnel to enter a correct PIN number or use a unique access card to gain entry, with advanced systems providing log information. Without such a system, there are risks of unauthorized access and no records of personnel entries, making it impossible to disable access for specific individuals. To address this, available and suitable entryway access systems must be evaluated, appropriate procedures for assigning and removing access developed, and an appropriate system installed with assigned access rights. A documented Policies and Procedures for Mystery Hospice Care must also be in place, agreed upon by all

current and future employees in writing. Any policy violations will result in disciplinary actions. Current management personnel will conduct meetings to identify, analyze, plan, track, control, communicate, and address threats to the network infrastructure.The Server Controls Access Controls utilize user rights and authentications for network access. Access to Server Access is granted or concealed based on the logged-in user. Drive Encryption secures files even if drives are stolen or improperly discarded. If an intruder gains physical server access, Physical Security may be compromised, allowing machines to be removed. Anti-Virus Software with updated virus signatures prevents data corruption from new viruses. To prevent unnecessary software from existing on servers, it should only be used by company personnel for business purposes or deleted/disabled.

Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New