information assurance


This module introduces an assignment that requires you to evaluate a risk assessment that is missing encryption as a necessary element. You will address the omission and create the necessary content. You will revisit this scenario in Module 8, where you will use the information you prepared for this assignment as the basis for a presentation to upper management covering your concerns about the proposed solution, your justifications, and an implementation plan for addressing this organizational shortcoming.
Your organization has conducted an internal risk assessment led by the Chief Information Security Officer (CISO). During the risk assessment, it became apparent that several key areas of the company are at risk of a data loss or breach. To assist the various departments in addressing the inadequacies of the existing system or process, the CISO has identified a list of priorities to address with the organization's leaders and management team. Because much of the corporate workforce is geographically dispersed and works externally, those employees use remote access to the company, which makes the potential for loss great.
The CISO has determined that one of the best defenses against the intentional or accidental loss of a laptop, and all the data stored on it, is the creation and use of an encryption policy and procedure for all company laptop drives.
As the Assistant CISO of your organization, you must help the CISO prepare a risk assessment briefing to management about your concerns regarding the unencrypted data on the company's laptops and the ability of employees to remove laptops from the premises to conduct business. Your major concern is the rising number of data breaches due to lost laptops.
Begin your research into these concerns by evaluating recent breaches that were the result of incomplete risk assessments (e.g., the Veterans Administration breach) and by consulting the following HIMSS resources:
Introduction to the Toolkit & Security Risk Assessment Basics
Risk Assessment Toolkit
Risk Assessment Toolkit – Breach Notification Guidance under the HIPAA Omnibus Rule
From the toolkit information, make a preliminary selection of the type of encryption you might suggest to management, the recommended encryption tools, and possible alternatives. Prepare a draft of this information for Module 5's assignment. It will be reviewed by your instructor, and you will make the final recommendation in Module 8.
Your policy briefing should include all of the following:
Which computers fall under/are included in this policy?
What encryption would be used company-wide?
Why was this encryption adopted over other options (what are the benefits of your selection)?
How will the systems be retrofitted to include this encryption, given that most of the systems and users are remote?
In Module 8, you will refer to this information and, using any comments from your instructor, create a presentation, including talking points, to relay the key aspects of this proposal to key management and the corporate leadership team.
Reference
https://www.himss.org/file/1307326/download?token=YtkPCgpZ
Healthcare Information and Management Systems Society. (July 2014). Risk Assessment Toolkit. Breach Notification Guidance under the HIPAA Omnibus Rule.
Compose your work in a .doc or .docx file type using a word processor (such as Microsoft Word, etc.) and save it frequently to your computer.
