Key Topics
- 1. Introduction:
- 1.1
- 1.2
- 1.3
- 2. Objectives of the risk management plan:
- 2.1. Case specific deliverables
- 2.2. Threats and vulnerabilities
- 2.3. Mitigation with justification
- 2.4. Cost for changes
- Tabular representation
- 3. Scope of the risk management plan
- 3.1. Scope definition
- 3.2. Mitigation activities
- 4. Roles and responsibilities
You are an information technology (IT) intern working for AD Health Network, Inc. (AD Health Network), a fictitious health services organization headquartered in Abu Dhabi. AD Health Network has over 600 employees throughout the organization and generates two billion dirhams in annual revenue. The company has two additional locations in Al Ain and Dubai which support a mix of corporate operations. Each corporate facility is located near a co-location data center, where production systems are located and managed by third-party data center hosting vendors.
1. Introduction:
1.1
Information technology has become crucial to how organizations operate, and its impact on the current business situation is vital. It also brings a number of major issues that have to be understood (Azhar, 2015). This paper aims to build a proper risk management plan for an organization in order to eliminate all the possible risks related to information technology. By identifying those issues, an organization can put an overall risk management plan in place, which helps it deal with many kinds of uncertainty in the marketplace.
AD Health Network is known as one of the most reputed healthcare organizations within Dubai. It depends on information technology to deliver all of its services, and information technology is used heavily across its workplace. It has over 600 employees. According to the case scenario, the organization mainly deals in three products or services, which have proved crucial for generating revenue: Net Exchange, Net Pay and Net Connect. It relies on these services to generate income. Net Exchange is its major source of income and generates the majority of its revenue. This system holds the secret messages of customers or patients from different hospitals. It has also helped the organization gain more customers.
Like Net Exchange, Net Pay is another major service. Many organizations currently use such a service to smooth their business operations, and usage of Net Pay within AD Health Network is also very high. It is an effective way to conduct the entire billing process safely and securely (Azhar, 2015), and it helps customers pay their bills easily and securely. AD Health Network accepts many payment methods through which customers can pay their bills, and credit cards are also accepted in the Net Pay system. Last but not least, Hnet Connect is another major service, through which the organization helps people in many ways. Hnet Connect plays a huge role for AD Health Network. This system gives customers an additional edge by letting them look up details about their doctors, desired clinics or any other needed information (Azhar, et al., 2015). This service has also become crucial for customers in receiving proper treatment.
However, a number of major issues have been identified, around which the risk management procedure has to be built. Losing company data is the major issue, and the organization faces it often. Removal of hardware from the production systems is the major reason behind it. Loss of devices is another major issue within the organization. Losing customers due to factors such as natural disasters and unstable software is also an issue for AD Health Network. Dealing with cyber threats is another major concern.
1.2
AD Health Network does not have proper planning in place to counter these major issues, which could affect it significantly in the near future. It is therefore crucial for the project planners to conduct the overall process according to the issues. The major role of the team is to evaluate those issues properly in order to establish a plan through which AD Health Network can deal with them.
1.3
Time is crucial to conducting the overall project. Depending on the depth of the issue or problem, every task has its own required duration, which is provided below. The risk management process has several stages that require different amounts of time, so the risk management plan would include the following main stages, which would then be divided into sub-stages of the process.
2. Objectives of the risk management plan:
To establish a proper risk management plan, it is very important to determine the proper objectives, which help the project planners execute their process properly. Those major objectives are described below. The objectives of the risk management plan follow the structure below, in this specific order, with the different parts of the project identified according to the stages.
Assessment of situation - this objective is based on an overall understanding of the case and of the situation that prompted the need for the risk management project, which is mainly that different operational aspects are being compromised by the risks. This stage therefore uses the individual risks and their impact on the operations of the organization. It is the basis of the risk management plan and thus forms its initial stage.
Identification of the risks - the individual risks that affect the functioning of the organization are the basis of the identification process. Here the different individual aspects of the risk, such as stationary hardware, mobile security and cloud security, are identified along with their possible impact on the operation of the organization. This is the second objective, which helps identify the aspects that form the later stages of the project.
Assessment of the possible impact - here the risks identified in the previous stages are assessed based on their overall impact. Each identified risk is analysed in the business context to understand its impact on the organizational procedures, which leads to an understanding of the scope of the project and of the overall initiative and helps in forming the mitigation strategies. This stage is instrumental in forming the different parts of the risk management plan, as the risks, their impact and their probability are used to prioritise the risks in the mitigation strategy. Thus, the stage is important for a balanced plan whose mitigation strategies are based on the importance and priority of each risk in the case.
Formation of mitigation strategies - this is the final stage of the risk management process. It builds on the earlier risk identification, and the separate stages are used to form mitigation strategies for the individual threats to the system. This stage uses technical knowledge of the data management and classification process for the security of the system. This seems to be the basis of the risk management plan, and the ensuing project stages are based on the situation that is affecting the security of AD Health Network. Thus, the mitigation for each threat identified in the plan is formed according to the priorities of the threats.
2.1. Case specific deliverables
Implementation of the cloud computing process:
Having understood the issues the organization is facing, implementing a cloud computing system can be very helpful for AD Health Network. Losing company data is one of its major issues and affects it badly. By using cloud computing for data storage, it can ensure its data security. This approach has become very popular among organizations, and it will eliminate the over-dependency on the traditional way of storing data.
Providing security of the devices such as laptops and mobiles:
The organization is losing valuable information from stolen devices. To counter this issue, AD Health Network needs to work on some major areas. Providing strong passwords can help. Implementing technologies such as fingerprint scanners and face recognition systems can also help in dealing with this situation.
Ensuring stable networking system:
Ensuring the stability of the networking system is crucial for the project planners in order to retain customers and eliminate the threat of losing them. The analysis shows that AD Health Network now faces these issues often. Hiring quality professionals to design an effective network can help in many ways.
Improve the security aspects:
Providing security is crucial for organizations that have to deal with major security issues. AD Health Network conducts the majority of its work over the internet, and cyber threats are very common in the current situation. It should take this into account in order to build a quality security system. Ensuring the safety of customer data is crucial for the organization. The security system in AD Health Network is not efficient enough to counter such cyber threats, and proper intervention is required to ensure its overall security.
2.2. Threats and vulnerabilities
The threats to the project follow from the objectives identified in the previous part of the assessment. The identification is based on the different threats to the system and their possible impact on the system security of AD Health Network. The individual threats identified are the following:
• The main threat to the viability of the organization is data storage inefficiency, which results from theft of the physical data storage hardware from the organization's premises. Because the physical storage location holds the only copy, the system is affected all the more by the theft.
• Device-based security is another threat, as employees use personal mobile computing devices to access the company system and to store confidential client data. The risk is not only loss of data due to memory failure but also misuse of the data if the mobile device is stolen. Thus, this is the second most important threat to the organization in terms of data security.
• Company production being affected by various situations is another threat to the system, and one that is only partially manageable. Natural disasters and other such barriers cannot be addressed by this plan, but the system security and cultural aspects of the data management process can easily be mitigated. As a result, the threat can never be fully addressed but only managed through contingency planning and leaving room for these barriers in the Therefore, this part of the threat is only partially addressed by the plan.
• The company website and the databases accessed through the internet are another threat, as client information can be reached over the internet, which threatens the safety of the company's clients.
• The final threat, and the one that can be most easily managed, is the practices of employees and the organizational guidelines on data security and protection. It covers the security issues that arise from the standard practices of the organization and from how strongly its culture emphasises the security of information and the vulnerabilities of the system.
The vulnerabilities of the system that can be understood from the threats are the following. They are case specific and thus important for the mitigation strategy or management of risk.
• System vulnerabilities - the lack of data backup and cloud storage is the main vulnerability, resulting in data loss and in loss of organisational efficiency and security. This primary vulnerability needs to be addressed by the system.
• Hardware vulnerabilities - the security protocols for accessing the data through different devices and the internet are the main cause of data theft, resulting in loss of the organization's credibility with clients. These vulnerabilities therefore fall within the overall scope of the project.
• Human aspects - usage practices and the culture of data security are another vulnerability of the system, as identified in the threat section. Organizational culture and standard procedures are affected by the human element, which leads to system vulnerabilities.
2.3. Mitigation with justification
• Hiring network and hardware management professionals - hiring capable professionals to manage the health network is essential and plays a great role in the network security of the system. As the system stores valuable client information, the use of offline backup seems a viable option at this point.
• Using cloud storage - starting to use cloud storage instead of the office hardware is a step that is bound to reduce the data theft problems, as the offsite database can only be accessed through user verification and usage can be tracked. This ensures that theft or loss of hardware does not affect the operational capability of the organization.
• Internet security software - using internet security software on the company's internet access protects against malware and other backdoors used for data theft that can damage the company's reputation. It is a precautionary measure to detect any breach at an early stage and minimise the impact.
• User authentication via biometrics in remote database access - requiring authentication for every access to the database from mobile devices is one solution that can prevent stolen devices from being used to compromise the whole system. Using biometrics instead of a password alone strengthens the process, as biometrics such as fingerprint or face recognition can never be shared or duplicated.
• Banning employees' unauthorised devices from accessing the network - barring database access from unauthorised devices is another security measure that reduces the risk considerably, as a list of the devices that may access the online storage remotely can prevent data theft due to backup and the use of any stolen computing device to compromise client and patient information.
2.4. Cost for changes
The cost of the changes differs, as some costs are recurring, like the network management staff, and some are one-time, like the authentication system.
The costs related to the different mitigation techniques thus vary greatly. An approximate list is given below.
• Hiring network management professionals: $40000/month
• Cloud storage: 29.95 for 5TB
• Authentication system: $15000
• Changing the personal computing device usage policy in the organization: $150 for motive and advertisement
Tabular representation
3. Scope of the risk management plan
3.1. Scope definition
The scope of the project for the risk management of AD Health Network is extensive but mostly concentrated on a few aspects of the organization's operations, mainly the hardware and network related issues along with mobile devices and the internet security system for the databases. The scope is quite limited and concentrated and can thus be easily defined as securing the client information stored by the organization and the accessing and delivery of that information to the health services. Thus, the scope of the project is to ensure a fluid and secure information channel with high stability, to prevent data theft, and to mitigate the effect of data loss through frequent backups.
3.2. Mitigation activities
The mitigation activities of the risk management project are the following processes, which are part of the risk management process.
• Implementation of cloud storage - the cloud storage would provide a backup and thus mitigate the effects of hardware failure on company functionality and data security.
• Authentication system development for database access - developing an authentication system for mobile computing devices using biometrics would prevent unauthorised access, secure the client information, and prevent stolen devices from affecting the client data.
• Hardware backup in different locations - storing the same file in different locations prevents hardware failures from affecting the database of client information, or at least minimises the effect if it cannot be prevented entirely.
• Internet security software - using internet security software can help secure the information transfer process and prevent the internet channels from being accessible to unauthorised parties.
4. Roles and responsibilities
4.1. RACI matrix
The responsibilities for the different tasks in the risk management process can be easily represented in a RACI chart. The roles in the chart are defined according to the following codes:
Responsible - R
Accountable - A
Consulted - C
Informed - I
task manager Network experts Higher management Third party vendor
Implementing cloud storage R RI I A
Authentication system development R A IR
Hardware backup R RA IR A
Internet security R I I A
To be continued ...