+1 (208) 254-6996 [email protected]
  

CYB/207 v2

Wk 4 – Assignment Template

Don't use plagiarized sources. Get Your Custom Essay on
4 PHD Only
Just from $13/Page
Order Essay

CYB/205 v2

Page 2 of 2

C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.png

Wk 3 – Assignment Template

PHI/EPHI Policy Template

Version:

<Indicate the version of the policy, its revision date, and the approver.>

Purpose:

This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal Heal information (EPHI), except as specifically permitted or required by HIPAA regulation.

Scope:

<Describe who this applies to in the organization.>

Policy:

1. <Provide accurate definitions used in the policy, like PHI.>

2. <State how data must be stored (e.g., encrypted).>

3. <Indicate covered entities.>

4. <Indicate the consequences for a confidentiality breach.>

5. <Indicate what standards the policy follows (e.g., NIST SP800-53).>

Copyright 2020 by University of Phoenix. All rights reserved.

Copyright 2020 by University of Phoenix. All rights reserved.

CYB/207 v2

Wk 4 – Assignment Template

CYB/205 v2

Page 2 of 2

C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.png

Wk 3 – Assignment Template

Risk Registry

Create a Risk Registry using the template below to accurately documenting the risk elements form the scenarios that can be used to track issues throughout the project.

Risk Description for Risk RegistryLikelihoodImpactRisk OwnerResources RequiredEstimated Completion Date
<Briefly describe the risk><Low, Medium, or High><Low, Medium, or High><List department or role><List hardware, software, personnel, and/or policy needed><Provide a date based on the risk complexity and today’s date>

Copyright 2020 by University of Phoenix. All rights reserved.

Copyright 2020 by University of Phoenix. All rights reserved.

CYB/207 v2

Wk 4 – Assignment Template

CYB/205 v2

Page 2 of 2

C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.png

Wk 3 – Assignment Template

Security Assessment Plan Worksheet

Using the Assignment Scenario, complete the following worksheet.

Description of VulnerabilitySecurity Control Number and NameSecurity Control TypeSystem Categorization for Risk Level ImpactLast Assessment InformationAssetAssessment MethodPolicy Alignment
<Describe the vulnerability><List the Security Control name and number><Common, System-Specific, Hybrid><High, moderate, or low><Identify any security assessments from the past><Describe the asset that will be tested><Identify at least one way you can test this asset><Indicate what security policy aligns with the asset>

Copyright 2020 by University of Phoenix. All rights reserved.

Copyright 2020 by University of Phoenix. All rights reserved.

CYB/207 v2

Wk 4 – Assignment Template

CYB/205 v2

Page 2 of 2

C:\Users\djshirey\OneDrive - University of Phoenix\F_Drive\Style Guides\UPX Logos\Horizontal format\UOPX_Sig_Hor_Black_Medium.png

Assignment Scenario

Your company is a security service contractor that consults with businesses that are considered “covered entities” under HIPAA in the U.S. who require assistance in compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.

Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

· Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database

· Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI

· Vulnerability #3: An unauthorized access to client accounts through the company’s login website via the cracking of weak passwords

The selection of security controls will go into the Security Assessment Plan (SAP) covered in Week Three. The SAP will address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.

The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule (HSR), implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services.

This scenario will be used in subsequent weeks of the course.

Copyright 2020 by University of Phoenix. All rights reserved.

Copyright 2020 by University of Phoenix. All rights reserved.

Order your essay today and save 10% with the discount code ESSAYHELP