User Account

All Pages

develop and manage System Access Security Policy

Assignment Help Other Subject
Reference no: EM132371236 , Length: word count:1000

Assignment -

Assignment is comprised of two parts and your report should be no more than 5 pages excluding the cover page, table of contents and references.

Part One - Plan, Develop and Manage a Security Policy

Background: Consider that the Commonwealth Government of Australia is planning to launch 'My Health Record' a secure online summary of an individual's health information. The system is available to all Australians, My Health Record is an electronic summary of an individual's key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems.

The 'My Health Record' is driven by the need for the Health Industry to continue a process of reform to drive efficiencies into the health care system, improve the quality of patient care, whilst reducing several issues that were apparent from the lack of important information that is shared about patients e.g. reducing the rate of hospital admissions due to issues with prescribed medications. This reform is critical to address the escalating costs of healthcare that become unsustainable in the medium to long term.

Individuals will control what goes into their My Health Record, and who is allowed to access it. An individual's My Health Record allows them and their doctors, hospitals and other healthcare providers to view and share the individual's health information to provide the best possible care.

The 'My Health Record' is used by various staff such as System Administrator, Doctor, Nurse, Pathologist and Patient. In order to convey and demonstrate the rules and regulations to the users of this system, Commonwealth Government of Australia needs a security policy.

You are employed as the Security Advisor for the organisation. The task that is handed to you by the Chief Information Officer now is to create, develop and manage "System Access Security Policy" for at least any 3 users of the system.

Complete the following in your security policy:

  • Plan System Access Security Policy
  • Develop System Access Security Policy
  • Manage System Access Security Policy

Part Two - Conducting a Risk Assessment

You will be given a list of organisation in week 3 by your lecturer and you can select any one organisation from them. The organisation uses various IT systems for its daily operations. Assume that you are appointed as an IT Systems Auditor for the chosen organisation and you are asked to provide a risk register must come up for the IT systems in the organisation.

  • A brief introduction of the organisation and the IT systems.
  • Identify and explain any major risk in the IT systems components.
  • Discuss the consequences of the risk.
  • Inherent risk assessment, that is the assessed, raw/ untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence.
  • Mitigate the risk.
  • Residual risk assessment, that is the assessed, risk in a process or activity in terms of likelihood and consequence after controls are applied to mitigate the risk.
  • Create a Risk Register based on the risks identified in the IT systems and prioritise of the risk using a standardised framework such as the ANSI B11.0.TR3 Risk Assessment Matrix.

Given the fact there is no clear prioritisation framework NOR risk appetite framework, the risk register is your professional assessment of the likelihood and consequence of the risks you identify. When preparing your risk register you should think carefully about the assets the chosen organisation may have and how these may be compromised from the perspective of Information Security.

Rationale - This assessment task will assess the following learning outcome/s:

  • be able to justify the goals and various key terms used in risk management and assess IT risk in business terms.
  • be able to apply both quantitative and qualitative risk management approaches and to compare and contrast the advantages of each approach.
  • be able to critically analyse the various approaches for mitigating security risk, including when to use insurance to transfer IT risk.
  • be able to critically evaluate IT security risks in terms of vulnerabilities targeted by hackers and the benefits of using intrusion detection systems, firewalls and vulnerability scanners to reduce risk.

Read the following requirements for submission.

1. Cover page

2. Table of contents

3. Part- 1 - My health record

3.1 Introduction - Outline your role, organisation details, purpose

3.2 System Access security policy - User 1

Section 1- Purpose

Section 2 - Policy

Section 3 - Procedures

Section 4 - Manage

3.3 System Access security policy - User 2

Section 1- Purpose

Section 2 - Policy

Section 3 - Procedures

Section 4 - Manage

3.4 System Access security policy - User 3

Section 1- Purpose

Section 2 - Policy

Section 3 - Procedures

Section 4 - Manage

4. Part- 2 - Risk Assessment

4.1 Introduction - Your role, organisation details, purpose

4.2 Major risk and consequences

4.3 Risk assessment matrix - Based on your knowledge , concepts , analysis and research, prepare your own report.

Reference no: EM132371236

Questions Cloud

Discuss the need of electronic data communication : HS1011 - Data Communication and Networks - Holmes Institute - Discuss the need of electronic data communication and networking to achieve business goals
Identify two of the strategies identified in the book : Describe the situation, describe how you reacted, identify two of the strategies identified in the book and dev. Critical Thinking questions you would ask.
Explain the generalized work activities scales : Explain the generalized work activities scales and your ratings of the abilities scales on the O*NET. Explain the statistical findings and the interrater.
Explain how the scene was constructed to create the illusion : Explain how the scene was constructed to create the illusion. What assumption are we making when we perceive the illusion. (Refer back to the background).
develop and manage System Access Security Policy : The task that is handed to you by the Chief Information Officer now is to create, develop and manage "System Access Security Policy"
Explain sampling and recruitment procedures used in research : NUR131-Identify and explain sampling and recruitment procedures used in the research? Discuss relevance for health professionals practice.
Explain the movement in each item recorded under liabilities : HA2032 - Corporate and Financial Accounting - Holmes Institute - Explain the movement in each item recorded under the owner equity section with the reason
Capital punishment : Capital Punishment - At least two factual, unbiased, detailed internet sources for each of the two issues.
How would you refute or counter the argument : How would you refute or counter the argument? Marvell uses a literary technique called "hyperbole" - (a form of exaggeration); give two examples.

Reviews

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd