Security Assessment Report for Fielder Medical Center
Scenario
Fielder Medical Center (FMC) is a federally funded healthcare facility that seeks to expand its business into the local sale of medical equipment. As FMC sought to improve its data management in alignment with digitization goals, it implemented a system to manage the licensing, certificates, and relevant professional documents for the doctors working at FMC. Doctors are required to log in and upload sensitive artifacts that prove they are current in their licensing to practice. These artifacts may contain personally identifiable information about the doctor, including real name, home address, social security number, and other sensitive data.
Aside from the digitization of data for convenient management within FMC, the main purpose of this system is to allow access by the government for the purpose of validating information and securing federal funds on a recurring annual basis.
Concerns about security were discussed at a recent board meeting, and an external security consulting firm was hired to conduct a security assessment of FMC’s systems. This report identifies several potential compliance issues that would require the system security plan (SSP) to be updated, including security controls that are in place or planned for meeting system requirements.
As FMC’s CISO (Chief Information Security Officer), you are responsible for identifying and developing a cyber strategy to address the risks identified in the attached “Security Assessment Report for Fielder Medical Center” to ensure that FMC’s security posture is brought into alignment with the Federal Information Security Management Act (FISMA) requirements. As the new FMC system includes only doctor information and does not include patient information, compliance focuses on FISMA requirements instead of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requirements.
A. Summarize the gaps that currently exist in the company’s security framework as described in the attached “Security Assessment Report for Fielder Medical Center” (SAR).
B. For each of the five identified controls in Section 3.3 of the SAR, do the following:
1. Identify the associated risk rating as low, moderate, or high and explain the risk.
2. Justify FMC’s decision to remediate the risk associated with the identified control instead of accepting the risk based on compliance and industry guidelines and support the justification with industry-respected sources.
Note: Be sure to include all five controls in part B1, and all five controls in part B2. Your submission will be returned if one or more controls are missing from part B1 or part B2.
C. Discuss how FMC should remediate the risks with each of the five controls identified in Section 3.3 of the SAR. For each risk, include any assets, actions, or changes that will be needed for remediation.
Note: Be sure to include all five controls from part B. Your submission will be returned if one or more controls are missing from part C.
D. Develop a PCI DSS (Payment Card Industry Data Security Standard) –compliant policy to address the three concerns identified in Section 3.2.4 of the SAR, including the roles and responsibilities associated for each requirement identified within the SAR to meet PCI DSS compliance.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
