IT-420 Final Project Milestone One: Draft of Risk Analysis Paper
This Information Technology risk analysis draft analyzes and defines the risks and potential threats to ABC Health Company, its affiliates and its customers. It examines the current company structure, its work processes and its ability to adhere to current cyberlaws and ethics policies. I have analyzed the critical elements that must be addressed by the ABC Health Care organization, which are:
- ABC Health Care’s current handling of its clients’ and employees’ information
- ABC Health Care’s code of ethics
- ABC Health Care’s compliance with cyber laws and policies
This risk analysis draft defines the critical areas of the ABC Health Care organization that must be addressed in order to comply with current IT cyberlaws and regulations in the above-mentioned areas. ABC Health Care’s entire staff must have knowledge of the ethical standards and policies of current cyber laws that govern ABC Health Care’s business objectives and goals. Currently ABC Health Care has failed to create company guidelines or any policies for use of the company computers or network. This is a critical code of ethics violation under current cyber laws, and an acceptable use policy must be deployed immediately. ABC Health Care is currently at very high risk of being held in violation of, and liable for, cyberlaw crime.
The IT structure of ABC Health Care is a small work force of under 50 employees. Due to this small company size, many communications might be done on a verbal basis. This can cause conflicts in the proper handling of data and leave management without the control needed to oversee the correct course of action. Currently the ABC Health Care administration office has an insecure layout in which the HR department, billing department and appointment scheduling staff are in the same area as the health records staff. This causes serious concerns about the ease of an inside data breach of the health records of ABC Health Care’s clients. Cybersecurity is about implementing requirements and managing cyber risks within a properly structured company. ABC Health Care lacks a written policy and documentation standard to ensure that all cybersecurity risks, internal and external, are at an acceptable level (as close to zero as possible).
ABC Health Care should use a pyramid structure design to group its company staff and departments by their function and importance, corresponding to the company’s flow chart. By organizing ABC Health Care staff in categories according to their areas of operation and importance in the flow of business, ABC Health Care will not only comply better with cyberlaw ethical regulations, its work flow will also be more efficient. Areas where ABC Health Care clients’ sensitive information is located must be restricted to personnel on a need-to-know basis. This will reduce the risk of purposeful or negligent mishandling of ABC Health Care clients’ information.
Cyberlaws & Ethics Regulations
Virtually all software, applications, systems and devices are now connected to the Internet. This is a reality that cybercriminals recognize and are actively exploiting. Some 94 percent of medical institutions said their organizations have been victims of a cyber-attack, according to the Ponemon Institute. Now, with the push to digitize all health care records, the emergence of HealthCare.gov and an outpouring of electronic protected health information (ePHI) being exchanged online, even more attack surfaces are being exposed in the health care field. Currently ABC Health Care violates every law, regulation and ethics code in the books. The FTC currently has laws pertaining to protecting your files and devices: keep your software up to date, back up files, use strong passwords with two-factor authentication, do not leave IT devices unlocked when unattended, and password-protect all devices. All ABC employees need to think before they share information and use only secure/encrypted outlets to protect sensitive information. Networks, wired and Wi-Fi, need to be secure! Default usernames and passwords need to be changed, all software updated continually, no remote network management features enabled, and log-out and default time-out enforced to lessen the risk of someone piggybacking into the network. FTC.gov/SmallBusiness has many tools to help small businesses like ABC Health Care avoid scams, protect their IT networks and keep their sensitive data safe. There are steps you can take to minimize the damage if a hacker gets into your system, malware is discovered on your computers, the email server has been hacked, or someone takes over your systems and demands a ransom to return control of them (ransomware), and steps to respond to each type of data breach.
Current cyberlaw ethics violations at ABC Health Care are:
Ethics Violations Impact
- ABC Health Care’s system does not guarantee protection of personal client data – the handling of proprietary information should ensure that sensitive information is not disclosed during any form of professional activity. Currently the admin office grants access to sensitive client information to staff without a need to know.
- The current ABC Health Care computer network is an open network with default usernames and passwords in place. The sensitive information on ABC Health Care’s network should be regarded with the highest sense of privacy! It currently does not comply with the Data Protection Standards.
- The newly appointed network admin is inexperienced as a network administrator, which violates the defined ethical hiring parameters for IT professionals. IT professionals should demonstrate their performance capabilities in accordance with IT ethical standards.
- ABC Health Care has no current training program or ethical procedure work processes. This leaves ABC Health Care liable for negligence for any and all of its employees who might willingly or unknowingly break cyberlaws or ethical codes.
ABC Health Care’s ethics violations could have serious legal consequences, and all ABC employees and clients should be aware of, and know how to avoid, each of the ethics violations listed on page 5 of this risk assessment. Cyberethics violations and the online activities of the workforce while at work or representing the company are an issue every business and government organization must address. The “insider threat” pertains not only to internal expert hackers trying to steal money and/or data; all employees need to take notice. We all play a role in defending ABC Health Care from cyber-attacks of all types to avoid costly legal issues. Being found in violation of one or many of these rules can cause great financial hardship for ABC Health Care, its employees and its customers! Loss of employment, loss of finances, jail time, a criminal record and going out of business are all risks resulting from cyberlaw and ethics violations. Currently ABC Health Care is at very high risk, and these risks need to be addressed immediately!
In conclusion, ABC Healthcare Company should institute a cyberlaw policy and restructure to remedy the current non-compliant cyberlaw environment. This change will ensure that all current cyberlaws and ethical behaviors are satisfied for its clients’ and employees’ sensitive information. Corrections are needed: ABC Health Care hired a network administrator who is not experienced as a network admin, which is an employee code of ethics violation. The employee code of ethics clearly states that employees should meet the technical requirements for the position they hold. ABC Health Care will need to hire an experienced network administrator to comply with current cyberlaw ethics and regulations. ABC Health Care has not encrypted its computer programs, apps or network communication systems, resulting in a system that uses default usernames and passwords. This is a clear violation of cyberlaw regulations by ABC Health Care, putting the privacy of all of its employees and clients at very high risk. ABC Health Care’s cybersecurity program will apply the latest industry standards and best practices to understand the current level of impact its cyber risks entail for the company. This includes identifying what types of cyber incidents ABC Health Care detects in a normal week, creating a threshold policy for notifying our executive leadership, and creating a comprehensive cyber incident response plan with a policy to test this plan regularly and make improvements if necessary. ABC Health Care must maintain high awareness of current cyber threats and laws.
“Cyber Risk Management Primer For CEOs”. www.dhs.gov. N.p., 2017. Web. 29 May 2017.
“Cybersecurity | Homeland Security”. Dhs.gov. N.p., 2017. Web. 29 May 2017.
“Data Security | Federal Trade Commission”. Ftc.gov. N.p., 2017. Web. 29 May 2017.
Grama, Joanna Lyn, and Richard Spinello. Southern New Hampshire University IT412 Custom Vitalbook. 2nd ed. Burlington, MA 01803: Jones & Bartlett Learning, 2017. Print.
“Health Care Cyber-Threat Report”. Sans.org. N.p., 2017. Web. 29 May 2017.
“Information Systems Security Association”. Issa.org. N.p., 2017. Web. 29 May 2017.
“Welcome | Cybersecurity | Department Of Information Technology”. Nh.gov. N.p., 2017. Web. 29 May 2017.