Security Risk Analysis at John Hopkins Hospital (Essay Sample)
For this task, imagine that you are a senior risk assessor for an organization (it may help to select a specific organization with which you are familiar). You have spent sleepless nights when conducting the security risk analysis (SRA) of the organization. Top-level management determines that the result of the SRA indicated excessive risk. Is excessive risk synonymous with lots of risk? What approaches can you use to handle confirmation of excessive risks in the organization?
Length: 4-6 pages, not including titles and reference pages.
References: Support your assignment with a minimum of 6 scholarly resources.
Your audience for this assignment is yourself. Discuss your own reasoning and thoughts on the assignment prompt and how you would act as the SRA for the organization you have chosen.
Your paper should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards. Be sure to adhere to Northcentral University's Academic Integrity Policy.source..
Security Risk Analysis
Security Risk Analysis at John Hopkins Hospital
Security risk analysis often referred to as risk assessment is essential to the security of all organizations. It is fundamental in ensuring that the implemented controls are in line with the risks that the organization faces. However, as technologies continue to advance, some have excessive risks with more rewards while others have lots of risks with no rewards. The amount of risks in a system is dependent on the type of technology. Therefore, it is important for enterprises to regularly conduct risk assessments which are an effective tool to determine and prevent violations within the enterprise. The security risk analysis report is useful to the management in informing decision-making processes that are aimed at minimizing inbound threats that would jeopardize the smooth running of operations. In ordinary circumstances, those targeted for the risk assessment include management level staff.
The security analysis exercise is often aimed at increasing responsiveness towards the organization's information technology initiatives focused on security. It ensures a better understanding of corporate programs and benchmarks the company's performance based on a comparison with other players in the same sector. The analysis also informs new proposals to improve the information security needs of the enterprise. Additionally, it enables the organization establish if the system has excessive risks or lots of risks. Excessive risks are those risks that have more rewards while lots of risks have no rewards.
Why conduct a security risk analysis?
Several explanations are advanced for the need to conduct an SRA. The technologies deployed in the hospital are adapted to their application depending on the general IT infrastructure requirements. The IT network of the hospital covers all departments and therefore systems deployment is characterized by various factors among them the technology infrastructural needs of every department. This characterization is significant in determining the resource allocation to each of these segments. Threat identification is a key component in the SRA. It informs the assessment of the threats and gives strategies to mitigate them. There are also system vulnerabilities which if not identified, can lead to system downtimes which can otherwise be mitigated. Overall, the outcomes of the SRA will address the focal areas of improved patient experience, improved health and a reduction in technology costs while staying compliant with the regulatory institutions. The hospital information systems management has a requirement to deal with both physical and virtual environments effectively because information concerning device discovery, device, and software inventories, as well as operating system inventories, is critical to successfully mitigate risks. Physical device inventory including MAC addresses, RAM and configurations are stored locally on the machine (Thorat et al., 2013).
So as to increase the efficiency of the IT environment, resource utilization is mapped logically in a virtual environment where access can be managed by a virtual machine, which uses specialized software, called a VMware (Lim et al., 2011). The technology integrates many elements such as server and storage facilities, network devices and software. The virtual machine runs independent virtual hardware facilities, operating systems, and applications as though it was a physical machine.
The activities of virtual machines are logged and are therefore easy to recall in case they need to be referenced for forensic purposes. The virtual machine can be accessed for generated images, memory dump, machine logs and configuration files. However, ...
YOU MAY ALSO LIKE
- Understanding Risks in Virtualized NetworksDescription: The paper will focus on highlighting the benefits and challenges involved in the use of virtualization. The paper will also analyze the risks associated to virtualization and the best practices involved in management of these threats....3 pages/≈825 words | 4 Sources | APA | Management | Essay |
- Analysis of the Quantitative Approach to RiskDescription: No business is immune to the probability of a risk occurring. According to Holton, a risk is a probability that a certain unfavorable event will take place....1 page/≈275 words | 4 Sources | APA | Management | Essay |
- Connections Between Ethics And MoralityDescription: While ethics and morals are different, they are constantly used interchangeably. However, there is a close connection between the two terms and their application at the individual, societal and even professional levels....3 pages/≈825 words | 5 Sources | APA | Management | Essay |