- 1. Introduction:
- 2. Objectives of the risk management plan:
- 2.1. Case specific deliverables
- 2.2. Threats and vulnerabilities
- 2.3. Mitigation with justification
- 2.4. Cost for changes
- Tabular representation
- 3. Scope of the risk management plan
- 3.1. Scope definition
- 3.2. Mitigation activities
- 4. Roles and responsibilities
AD health network is one of the most reputed healthcare organizations within Dubai. It depends on information technology to deliver its services, and information technology is used heavily across its workplace. The organization has over 600 employees. As per the case scenario, it deals mainly with three products or services that are crucial for generating revenue: Net Exchange, Net Pay and Net Connect. Net Exchange is the major source, generating the majority of the revenue. This system holds all the secret messages from the customers or patients of different hospitals. It has also helped the healthcare organization gain more customers.
Like Net Exchange, Net Pay is another major service. Many organizations currently use such a service to smooth their business operations, and usage of Net Pay within AD healthcare service is also very high. It is effective for conducting the entire billing process in a safe and secure way (Azhar, 2015). It helps customers pay their bills easily and securely. AD health network accepts many payment methods by which customers can pay their bills, and credit cards are included in the Net Pay system. Last but not least, Hnet Connect is another major service by which they help people in many ways. Hnet Connect plays a huge role for the AD healthcare network. The system gives customers an additional edge: they can look up details about their doctors, desired clinics or any other needed information (Azhar, et al., 2015). This service has also become crucial for customers in receiving proper treatment.
However, several major issues have been identified around which the entire risk management procedure can be built. Loss of company data is the major issue, and the organization faces it often. Removal of hardware from the production system is the main reason behind it. Loss of devices is another major issue within the organization. Losing customers due to factors such as natural disasters and unstable software is also an issue for the AD health network. Dealing with the several cyber threats is another major concern.
2. Objectives of the risk management plan:
Assessment of the possible impact: the risks identified in the previous stages are rated by their overall impact. Each identified risk is analysed in the business context to understand its impact on organizational procedures, which in turn informs the scope of the project and the formation of the mitigation strategies. This stage is instrumental for the different parts of the risk management plan, as each risk's impact and probability are used to prioritise it in the mitigation strategy. The stage therefore supports a balanced plan in which mitigation follows the importance and priority of each risk in the case.
2.1. Case specific deliverables
Ensuring stable networking system:
Improve the security aspects:
2.2. Threats and vulnerabilities
• Device-based security is another threat: employees use personal mobile computing devices to access the company system and to store confidential client data. The risk is not only loss of data through memory failure but also misuse of the data if the mobile device is stolen. Thus, this is the second most important threat to the organization in terms of data security.
• Disruption of company production by various situations is another threat to the system, and it is only partially manageable. Natural disasters and similar barriers cannot be prevented by this plan, but the system security and cultural aspects of the data management process can easily be mitigated. As a result, the threat can never be fully addressed but only managed through contingency planning and leaving room for these barriers in the ... Therefore, this part of the threat is only partially addressed by the plan.
• The company website and the databases accessed through the internet are another threat, as client information can be reached over the internet, which threatens the safety of the company's clients.
• The final threat, and the one most easily managed, is employee practices and the organizational guidelines on data security and protection. It covers the security issues that arise from the organization's standard practices and from how emphatic its culture is about information security and the vulnerabilities of the system.
The vulnerabilities of the system that follow from these threats are listed below; they are case specific and thus important for the mitigation strategy or management of risk.
• System vulnerabilities: the lack of data backup and cloud storage is the main vulnerability, resulting in data loss and the loss of organisational efficiency and security. This primary vulnerability needs to be addressed by the system.
• Hardware vulnerabilities: the security protocols for accessing the data through different devices and the internet are the main cause of data theft, which results in loss of organizational credibility with the client; these vulnerabilities therefore fall within the overall scope of the project.
• Human aspects: human usage practices and the culture of data security are another vulnerability of the system, as identified in the threat section; the organizational culture and standard procedures are being affected by the human element that needs to system vulnerabilities.
2.3. Mitigation with justification
• Using cloud storage: moving to cloud storage instead of office hardware is a step that is bound to reduce data theft problems, as the offsite database can only be accessed through user verification and usage can be tracked. This makes sure that theft or loss of hardware does not affect the operational capability of the organization.
• Internet security software: using internet security software on the company's internet access protects against malware and other backdoors used for data theft that can impact the company's reputation. It is a precautionary measure to detect any breach in its early stages and minimise the impact.
• User authentication via biometrics in remote database access: requiring authentication for every access to the database from mobile devices is one solution that can prevent stolen devices from being used to compromise the whole system. Using biometrics such as fingerprint or face recognition instead of password-only strengthens the process, as the biometrics can never be shared or duplicated.
• Banning unauthorised devices from accessing the network: barring database access from unauthorised employee devices is another security measure that reduces the risk considerably, as keeping a list of the devices that can access the online storage remotely can prevent data theft due to backup and the use of any stolen computing device for compromising client and patient information.
2.4. Cost for changes
The costs of the different mitigation techniques vary greatly. Approximate figures are listed below.
• Hiring network management professionals: $40000-/month
• Cloud storage: 29.95 for 5TB
• Authentication system: $15000
• Changing personal computing device usage policy in organization: $150 for motive and advertisement
3. Scope of the risk management plan
3.1. Scope definition
3.2. Mitigation activities
• Implementation of cloud storage: the cloud storage would provide backup and thus mitigate the effects of hardware failure on the company's functionality and data security.
• Authentication system development for database access: developing a biometric authentication system for the mobile computing devices would prevent unauthorised access, secure the client information, and prevent stolen devices from affecting the client data.
• Hardware backup in different locations: storing the same file in different locations prevents hardware failures from affecting the database of client information, or at least minimises the effect if it cannot prevent it entirely.
• Internet security software: the use of internet security software can help secure the information transfer process and prevent the internet channels from being accessible by unauthorised parties.
4. Roles and responsibilities
The responsibilities for the different tasks in the risk management process can be easily represented in the RACI chart. The different roles are defined in the presented RACI chart according to the following codes
task manager Network experts Higher management Third party vendor
Implementing cloud storage R RI I A
Authentication system development R A IR
Hardware backup R RA IR A
Internet security R I I A