ITC596 | Plan, Develop and Manage a Security Policy| IT Risk Management

Home Recent Questions ITC596 | Plan, Develop and Manage a Security Policy| IT Risk Management

Task

Assignment Two is comprised of two parts and your report should be no more than 5 pages excluding the cover page, table of contents and references.

Part One

Plan, Develop and Manage a Security Policy (10 marks)

Background:

Consider that the Commonwealth Government of Australia is planning to launch ‘My Health Record’ a secure online summary of an individual’s health information. The system is available to all Australians, My Health Record is an electronic summary of an individual’s key health information, drawn from their existing records and is designed to be integrated into existing local clinical systems.

The ‘My Health Record’ is driven by the need for the Health Industry to continue a process of reform to drive efficiencies into the health care system, improve the quality of patient care, whilst reducing several issues that were apparent from the lack of important information that is shared about patients e.g. reducing the rate of hospital admissions due to issues with prescribed medications. This reform is critical to address the escalating costs of healthcare that become unsustainable in the medium to long term
Individuals will control what goes into their My Health Record, and who is allowed to access it. An individual’s My Health Record allows them and their doctors, hospitals and other healthcare providers to view and share the individual’s health information to provide the best possible care.

The 'My Health Record' is used by various staff such as System Administrator, Doctor, Nurse, Pathologist and Patient. In order to convey and demonstrate the rules and regulations to the users of this system, Commonwealth Government of Australia needs a security policy.

You are employed as the Security Advisor for the organisation. The task that is handed to you by the Chief Information Officer now is to create, develop and manage "System Access Security Policy" for atleast any 3 users of the system.

Complete the following in your security policy:

• Plan System Access Security Policy
• Develop System Access Security Policy
• Manage System Access Security Policy

Part Two

Conducting a Risk Assessment (10 marks)

You will be given a list of organisation in week 3 by your lecturer and you can select any one organisation from them. The organisation uses various IT systems for its daily operations. Assume that you are appointed as an IT Systems Auditor for the chosen organisation and you are asked to provide a risk register must come up for the IT systems in the organisation.

• A brief introduction of the organisation and the IT systems
• Identify and explain any major risk in the IT systems components
• Discuss the consequences of the risk
• Inherent risk assessment, that is the assessed, raw/ untreated risk inherent in a process or activity without doing anything to reduce the likelihood or consequence
• Mitigate the risk
• Residual risk assessment, that is the assessed, risk in a process or activity in terms of likelihood and consequence after controls are applied to mitigate the risk.
• Create a Risk Register based on the risks identified in the IT systems and prioritise of the risk using a standardised framework such as the ANSI B11.0.TR3 Risk Assessment Matrix

Given the fact there is no clear prioritisation framework NOR risk appetite framework, the risk register is your professional assessment of the likelihood and consequence of the risks you identify. When preparing your risk register you should think carefully about the assets the chosen organisation may have and how these may be compromised from the perspective of Information Security.

Search Here

Latest Reviews

  • Kannon
    13 Jul, 2019

    I asked for essay help from Assignment Help 4 Me and I am happy that the essay writers completed my task on time. The prices they asked for are worth in comparison to the services rendered.

  • Liam
    13 Jul, 2019

    Assignment Help 4 Me is the best help provider. I took assistance to get my essay completed and I am glad that the writers delivered the quality content as they promised within the time committed.

  • Silas
    12 Jul, 2019

    Accounting is a very interesting subject but when it comes to assignment writing, I feel hard to get through the same. But, since the assignments have to be completed somehow, I preferred to avail online help from Assignment Help 4 Me. All thanks to them that they helped me complete my work on time at reasonable prices.

View All Reviews

Facebook

Assignment Help 4 Me