Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Scenario You are an information technology (IT) intern working for Health Networ

ID: 430461 • Letter: S

Question

Scenario You are an information technology (IT) intern working for Health Network, Inc. (Health Network), a fictitious health services organization headquartered in Minneapolis, Minnesota. Health Network has over 600 employees throughout the organization and generates $500 million USD in annual revenue. The company has two additional locations in Portland, Oregon and Arlington, Virginia, which support a mix of corporate operations. Each corporate facility is located near a colocation data center, where production systems are located and managed by third-party data center hosting vendors.

Company Products Health Network has three main products: HNetExchange, HNetPay, and HNetConnect.

HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which are then routed to receiving customers such as clinics.

HNetPay is a Web portal used by many of the company’s HNetExchange customers to support the management of secure payments and billing. The HNetPay Web portal, hosted at Health Network production sites, accepts various forms of payments and interacts with credit-card processing organizations much like a Web commerce shopping cart. HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains doctors’ personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the information in their profile. Health Network customers, which are the hospitals and clinics, connect to all three of the company’s products using HTTPS connections. Doctors and potential patients are able to make payments and update their profiles using Internet-accessible HTTPS Web sites.

Information Technology Infrastructure Overview

Health Network operates in three production data centers that provide high availability across the company’s products. The data centers host about 1,000 production servers, and Health Network maintains 650 corporate laptops and company-issued mobile devices for its employees. Threats Identified Upon review of the current risk management plan, the following threats were identified:

? Loss of company data due to hardware being removed from production systems ? Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops

? Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on

? Internet threats due to company products being accessible on the Internet

? Insider threats

? Changes in regulatory landscape that may impact operations Management Request

Senior management at Health Network has determined that the existing risk management plan for the organization is out of date and a new risk management plan must be developed. Because of the importance of risk management to the organization, senior management is committed to and supportive of the project to develop a new plan. You have been assigned to develop this new plan. Additional threats other than those described previously may be discovered when re-evaluating the current threat landscape during the risk assessment phase. The budget for this project has not been defined due to senior management’s desire to react to any and all material risks that are identified within the new plan. Given the company’s annual revenue, reasonable expectations can be determined.

Project Part 1 Task 1: Risk Management Plan For the first part of the assigned project, you must create an initial draft of the final risk management plan.

Explanation / Answer

The key Risks to Health Network, Inc. (Health Network), a fictitious health services organization headquartered in Minneapolis, Minnesota are as follows:

1.      Loss of company data due to hardware being removed from production systems.

2.      Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops.

3.      Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, etc.

4.      Internet threats due to company products being accessible on the Internet.

5.      Insider threats.

6.      Changes in regulatory landscape that may impact operations Management Request.

Threat

Outcome

Existing risk plan in place

Likelihood

Consequence

Rating

Proposed revised plan

Loss of data due to the removal of hardware from production systems

Failure of the production process and errors in production

Replace the hardware immediately with approuvals

3

4

Severe

Have a pre-approved a budget to immediately arrange the hardware

Loss of company data due to loss of company assets

Data loss and important information is compromised

Replace the asset and follow the laid down process

4

4

Severe

Data back up in all assets, all laptops to have passwords and data locking system which cannot be hacked even if the asset is lost.

Loss of customers due to outages such as natural disaster etc

The entire process will be stalled and all work will stop immediately

Disaster plan is in place but hasn’t been reviewed since long

1

5

high

The organsiation will keep two places of work at different geographic locations. The backup support will be strengthened and disaster plan will be reworked immediately.

Internet threats

The entire process will be stalled

Technical team will resolve immediately

3

5

Severe

Back up internet though expensive will be kept at all times.

Insider threats

The entire system will be at risk

The violations will be analyzed and found and action taken.

5

5

High

The authority for data access has to be limited and sanctions required for accessing critical and vulnerable information.

Change in the regulatory landscape

The regulation will have to be adhered to and processes changed accordingly.

The regulation will be reviewed.

2

2

low

The necessary plan will be made as per changes asked.

Risk rating

Description

Action

1-2

Low

Action in 6 months

3-4

Moderate

Action within 1 month

5-6

High

Action within 1 week

7-8

Severe

Immediate action required

Likelihood of event Occurring

Rare

UnLikely

Moderate

Likely

Certain

The event may occur rarely in exceptional conditions

The event may occur

The event might probably occur at some time

High chances of the event to occur

The event will occur

Occurrence

Once a year

Once in 6 months to 1 year

Once in 3-6 months

Once in a month

Every week

Level

1

2

3

4

5

Threat

Outcome

Existing risk plan in place

Likelihood

Consequence

Rating

Proposed revised plan

Loss of data due to the removal of hardware from production systems

Failure of the production process and errors in production

Replace the hardware immediately with approuvals

3

4

Severe

Have a pre-approved a budget to immediately arrange the hardware

Loss of company data due to loss of company assets

Data loss and important information is compromised

Replace the asset and follow the laid down process

4

4

Severe

Data back up in all assets, all laptops to have passwords and data locking system which cannot be hacked even if the asset is lost.

Loss of customers due to outages such as natural disaster etc

The entire process will be stalled and all work will stop immediately

Disaster plan is in place but hasn’t been reviewed since long

1

5

high

The organsiation will keep two places of work at different geographic locations. The backup support will be strengthened and disaster plan will be reworked immediately.

Internet threats

The entire process will be stalled

Technical team will resolve immediately

3

5

Severe

Back up internet though expensive will be kept at all times.

Insider threats

The entire system will be at risk

The violations will be analyzed and found and action taken.

5

5

High

The authority for data access has to be limited and sanctions required for accessing critical and vulnerable information.

Change in the regulatory landscape

The regulation will have to be adhered to and processes changed accordingly.

The regulation will be reviewed.

2

2

low

The necessary plan will be made as per changes asked.

Related Questions

Scenario Imagine that a group of advisors to the president has suggested providi
Question #1258767
Scenario Imagine that you are on a team of counselors who have been called in to
Question #130619
Scenario Imagine that you are on a team of counselors who have been called in to
Question #130620
Scenario Imagine that you are on a team of counselors who have been called in to
Question #130621
Scenario Imagine that you are on a team of counselors who have been called in to
Question #130726
Scenario In 2008, the government initiated an $8,000 tax credit for first-time h
Question #2718561
Scenario In Assessment 4, you developed a job analysis for CapraTek\'s regional
Question #417559
Scenario In Week Two, you sat in the CFO chair, studied a real world hospital Ac
Question #3199307
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Scenario You are an electrical engineer for Packaging, Inc. Your boss has assign
Next
Scenario You are an information technology web specialist working for Up-North f

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.