The document discusses the need for HealthNet Network Inc, a healthcare company, to conduct a risk assessment to identify vulnerabilities and minimize threats. It outlines HealthNet's products, assets, and operations across three data centers. Two risk assessment techniques - quantitative and qualitative - are used to analyze threats like data breaches, cyberattacks, natural disasters, and system failures. A risk assessment matrix prioritizes risks based on their probability and impact. High risks include data loss from outages, compromised networks, and stolen assets. The analysis recommends measures to address vulnerabilities and minimize risks to HealthNet's systems, data, finances, and customers.
C3 Architecture Differences Between Domains
Discussion: Command and Control Architecture
Now that you have explored the various unmanned system C3
(Command, control, and communication) architectural design
features and their associated elements, you should be able to
compare and contrast via analysis the different technologies
employed by the different operational domains (air, ground,
maritime). Think of the deltas between the different domains
and how those differences impact the use of unmanned systems
from multiple perspectives: control, safety, human factors,
policy, etc. Your response should include your analysis of two
domains (air vs ground, air vs maritime, or ground vs maritime)
and how the C3 architecture is both common and yet unique
between the two different domains. Areas that you may want to
explore could include any combination of the below elements or
others that you identify.
Uniqueness between 2 different domains:
· Environment (ex: air, water, mountain, sand …)
· Communication Links
· Command and Control Strategies
· Commonalities between 2 different domains
· Control Systems (ex: GCS, GUI …)
· Remote Vehicle (ex: UAV, UGV, UUV)
Risk Assessment Plan
Risk is prevalent in healthcare organizations. Any healthcare company must therefore have a qualified risk manager who can assess, develop, implement, and monitor a risk management plan through which the company can minimize its exposure to threats. Every company needs to repeat its risk assessment after every specific period, which helps it take measures against new threats that might expose a vulnerability in the future and result in a loss for the company, such as a loss of servers, customer data, or the company's confidential information. HealthNet Network Inc needs an updated risk assessment so that management can make better decisions for the future and protect the company's assets, money, and customers' data.

Currently, HealthNet has three main products, i.e., HealthNet Exchange, HealthNet Pay, and HealthNet Connect, and all three products access the company servers, customer data, payment portals, and hospital data through their website. Threats are not just outside forces that can compromise company systems; they also include natural disasters, system failure, accidental human threats, and, most important, malicious threats. HealthNet has three data centers, located in Minneapolis, Portland, and Arlington; a third-party vendor manages all of them. There are more than 1000 data servers and around 650 corporate laptops, along with other mobile devices. Production centers are also located at the data centers.

With a new risk assessment plan, HealthNet can check the company's most current opportunities, threats, vulnerabilities, and strengths, which can help management make better decisions in the future, such as where and how much money the company needs to invest in protecting HealthNet products from possible future risks. For HealthNet's products to work properly, it is essential to identify the scope of the plan to avoid the risk of "scope creep," i.e., the scope of the project increasing uncontrollably. One significant item in scope for HealthNet Inc is to ensure HIPAA compliance for HealthNet Inc data. Other scope items are defined as follows:
· HNet Exchange should be able to transfer data securely between hospitals or clinics.
· Medical messages between customers should be exchanged safely, and electronic messages should maintain their authenticity.
· All payments should be made through the HNet Pay portal.
· HNet Pay should support secure payments, such as by using HTTPS links.
· HNet Connect contains all the doctor or patient information, which should not be leaked to everyone, so it should be ensured that only persons with access can look up doctors' or patients' profiles.
· All three products are accessible through the internet, so a secure network, good firewalls, updated antivirus and software, an intrusion detection system, and good-quality servers and equipment should be used.
· Identification, storage, usage, and transmission of health data.
· Proper security policies are followed by all employees.
For the risk assessment, we can use the following equation to check the impact of a risk:
Risk = Threat * Vulnerability
Risk is always high if the vulnerability is high, and risk is low when the vulnerability is low. Threats are always out there; it is the vulnerability that a threat exposes that results in risk. We can use the Risk Assessment Matrix to measure the impact of a risk, which can be weighed as High, Medium, or Low. The following two techniques are used to assess risk for HealthNet Inc.
· Quantitative Risk Assessment
This technique is used to calculate the actual cost and helps to identify the priority of risks and the effectiveness of controls.
· Qualitative Risk Assessment
This is a subjective method based on the opinions of experts, who give their views on the likelihood and impact of the risks.
After looking at the following table, we can prioritize risks for HNet Inc. (Darril Gibson, 2015)

| Attacks | Probability | Impact | Risk Level |
| --- | --- | --- | --- |
| Loss of Protected Health Information Leaked from unauthorized Access | 30 | 100 | 0.3*100 = 30% |
| DOS Attack | 100 | 100 | 1.0*100 = 100% |
| Accidental Human (Unintentional) | 100 | 100 | 1.0*100 = 100% |
| Web Defacing | 50 | 90 | .50*90 = 45% |
| Natural Disaster | 50 | 100 | .50*100 = 50% |
| Loss of website due to hardware or System Failure | 30 | 100 | .30*100 = 30% |
| Attacker or Hacker (Malicious Attack) | 100 | 100 | 1.0*100 = 100% |

Using these techniques, the following threats are recognized at HealthCare Net Inc:
· Production systems help produce information for the company and obtain data, so these systems should be working correctly. The threat noticed is that company data is lost when hardware is removed from production systems.
· Many laptops and mobile devices, which are considered company assets, are stolen, and with every stolen asset the company loses information.
· All three company products are accessible through the internet, and there is always an internet threat, such as a hacker or malicious attack over the internet.
· The threat of natural disasters such as floods, hurricanes, tornadoes, etc., which can cause production outages that result in a loss to the company.
· Insider threat: someone can make a mistake, and the threat of this happening is very high. The threat of accidental human action is always high.
· Threat of system failure. This threat will be low if we use good, high-quality products or equipment for servers and system safety. We should never rule out the possibility of a system failure, such as a CPU fan burning out, a power supply failing, or a motherboard dying. The threat of all this happening is high if equipment quality is low.
The following risk assessment matrix is used to show the impact of all the possible risks in the HealthCare Net company environment. (Darril Gibson, 2015)

| Risk | Threat | Vulnerability | Impact of Risk |
| --- | --- | --- | --- |
| Loss of data because of Production system outage | Natural Disaster such as Floods; Hurricanes; Earthquakes | Location | High |
| Loss of data | Insider Threat; Internet Threat; Hacker | No Firewall; Access control not properly implemented; No Intrusion detection system on server | High |
| Network compromised | Malware | Antivirus software outdated or not renewed | High |
| Loss of company Information | Stolen data; Stolen assets such as laptops, mobile devices | Access Control not implemented | High |
| Loss of confidentiality | Hacker | Public facing server not protected with firewalls and intrusion detection systems | High |
| Loss of customer | System Failure | Low quality equipment is used | High |
| Loss of Money | Internal | Lack of information about Policies such as HIPAA | Low |

After prioritizing the risks, a Business Impact Analysis (BIA) is done to check the impact of these risks on HealthNet Inc. The following threats are identified after doing the BIA.
· System outages
· Loss of confidential data
· Loss of company information
· Loss of company assets
· Loss of money
Resources are needed to get our systems back online quickly in case system outages occur. The following measures should be considered as soon as possible to minimize the vulnerabilities that lead HealthNet to the above-stated risks.
· Cloud storage backup of data in case a system outage occurs
· A high-quality intrusion detection system and proper access controls should be implemented again to make sure there is no unauthorized access.
· New insurance should be purchased for HealthNet to insure all the assets
· Policies should be updated, and proper training should be held by department managers
· Server protection software should be updated
· Antivirus software on the systems should be updated and renewed until the time of the next risk assessment
References:
· Eli the Computer Guy. (2010, Dec 13). Introduction to Risk Assessment. Retrieved from https://www.youtube.com/watch?v=EWdfovZIg2g
· Article, n.d. (2018). What Is Risk Management in Healthcare? Retrieved from https://catalyst.nejm.org/what-is-risk-management-in-healthcare/
· Gibson, D. (2015). Managing Risk in Information Systems, 2nd edition. Burlington, MA: Jones & Bartlett.