Competency


In this project, you will demonstrate your mastery of the following competency:

  • Develop risk analysis and mitigation plans


Scenario

You are the IT risk assessment lead at Health Network, Inc., a health services organization headquartered in Tampa, Florida. Health Network has over 700 employees throughout the organization and generates $500 million in revenue annually. The company has two additional locations in Seattle, Washington, and Arlington, Virginia. These locations support different aspects of corporate operations. Each facility is located near a data center, where production systems are located and managed by third-party data-center hosting vendors.

Health Network has three main products:

  1. HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which are then routed to receiving customers such as clinics.
  2. HNetPay is a web portal used by many of the company’s HNetExchange customers to support the management of secure payments and billing. The HNetPay web portal, hosted at Health Network production sites, accepts various forms of payments and interacts with credit-card processing organizations, much like a web commerce shopping cart.
  3. HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains doctors’ personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the information in their profiles.

Health Network customers, which are hospitals and clinics, connect to all three of the company’s products using HTTPS connections. Doctors and potential patients are able to make payments and update their profiles using internet-accessible HTTPS websites.

Health Network operates in three production data centers that provide high availability across the company’s products. The data centers host about 1,000 production servers, and Health Network maintains 650 corporate laptops and company-issued mobile devices for its employees.

A previous risk assessment identified the following threats:

  • Potential loss of data due to inappropriate hardware decommission
  • Potential loss of protected health information (PHI) from lost or stolen company-owned assets, such as mobile devices and laptops
  • Potential data loss due to corrupt production data resulting from a systems outage
  • Internet threats from hackers and other malicious actors
  • Insider threats due to social engineering, installation of malware and spyware
  • Changes in the regulatory landscape that may impact operations

Based on the findings of this risk assessment, Health Network administration has determined that the existing risk management plan does not take into account the above threats and is therefore out of date. You have been assigned to develop a new plan.


For this assignment, you will create a risk management plan for Health Network that contains the following objectives:

  1. Importance: Explain the plan’s purpose and importance for the key stakeholders of the organization.
  2. Scope: Define the scope and boundaries of the plan.
  3. Risks: Identify the organization’s primary internal and external risks based on the local environments where facilities are located.
  4. Safety: Describe physical and safety considerations associated with the identified risks.
  5. Business Impact: Conduct a business impact analysis (BIA) that determines the probability and significance of certain risky events and their potential impact on the various aspects of Health Network’s business.
  6. Mitigation: Identify strategies to mitigate these risks and to allow Health Network to continue operating (business continuity plan (BCP) and disaster recovery plan (DRP)) if these risks occur.

What to Submit

To complete this project, you must submit the following:

Risk Management Plan (5 to 10 pages)
The recommended length for this plan is 5 to 10 pages, single spaced, and submitted on a file that your instructor can easily access (.PDF, .doc).


Shubham answered on Aug 16 2022
14 Votes
The purpose of the plan is to create a risk assessment plan for three production data centers that provide high availability across the products of the company. In three data centers, it hosts around 1000 production servers, and the health network can maintain 650 mobile devices and corporate laptops.
There are three stakeholders that are involved in the organization that includes external stakeholders, internal stakeholders, and interface stakeholders. External stakeholders are the third category that includes special interest groups. This includes private accrediting associations, and government and professional associations. It includes some cases with overt collaboration for resolving the problem. Interface stakeholders function on the interface between environment and organization (Coventry & Branley, 2018). It includes major categories of stakeholders the medical board and medical staff. It provides sufficient inducement that makes a proper contribution to the organization. Internal stakeholders are entirely within the organization and it includes nonprofessional, management, and professional staff. It is the attempt for providing sufficient inducement and internal stakeholders for gaining continual contribution. It can help in determining inducements that are sufficient for contribution and it required making decisions based on alternative contributions.
The scope of the plan includes protection against external threats. The robust risk assessment plan includes accounts for regularly updated software and it helps organizations in responding and detecting devices, entry points, and methods being exploited. It can provide protection against internal threats. In the cyber security chain, the human factor is the weakest link. With the exponential growth of organizations, personal devices are used for business applications. The proactive monitoring of managed access and network can help in responding to and detecting threats.
The scope of a risk assessment plan requires a clear understanding of threat that can help in defining shortfalls and vulnerabilities that can help in early threat detection. The planning can help in gaining the undertaking the current IT environment of the organization and it allows to make required adaption for securing the network (Strielkina et al. 2018). It includes ongoing maintenance and monitoring by specialists for securing the system against attack. Proactive measures can be put in the place through penetration testing, business continuity planning, managing security, and security vulnerability scans. The organization can adhere to cyber security standards and mitigate risks that ensure compliance for enabling the business to follow best practices. It ensures accurate and complete compliance for local managed service and provides for being aware of applicable factors.
External risk includes phishing, ransomware, malware, and DDoS attacks that are used by...
