Chat with us, powered by LiveChat Introduction:As an information security profession | Writedemy

Introduction:As an information security profession

Introduction:As an information security profession

Introduction:As an information security professional, you are responsible for ensuring preventive information security controls are in place. Such controls include implementing organizational and security policies, processes, and other forms of preventive security measures.Scenario:During a routine audit of an electronic health record (EHR) system, a major healthcare provider discovered three undocumented accounts that appear to have access to the entire clinical and financial health record within the system. Further investigation revealed that these accounts were accessing records around the clock via remote access to the healthcare system’s network. Three remote access accounts appear to have been set up at least six months prior to the creation date of the first account in the EHR. Additionally, the accounts in the EHR were originally established as standard user accounts approximately two months ago and escalated to full access over the course of two weeks.System controls are verified to be in effect that limit access for each account to no more than 300 records per day. Over the course of the past two months it is estimated that more than 37,000 but no more than 50,000 records could have been accessed. Reports are being run to determine which patient accounts were accessed, but the reports will take more than two weeks to identify the record identification numbers and then take longer than 60 days to compile the usernames and addresses. An audit of other systems that contain sensitive information revealed no other unauthorized access.Audit files that would normally identify the creator of the accounts overwrite themselves after two weeks in the systems that provide remote access and the EHR. No one in senior management has any reason to suspect that it was an inside job, but based on the short duration for log retention there is no way to eliminate that possibility either.Task:Create a legal analysis by doing the following:A. Create three organizational policy statements that may have prevented the security breach.1. Justify each organizational policy statement based on a nationally or internationally recognized standard (e.g., ISO/IEC, NIST).B. When you use sources, include all in-text citations and references in APA format.Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly.Introduction:As an information security professional, you are responsible for ensuring preventive information security controls are in place. Such controls include implementing organizational and security policies, processes, and other forms of preventive security measures.Scenario:During a routine audit of an electronic health record (EHR) system, a major healthcare provider discovered three undocumented accounts that appear to have access to the entire clinical and financial health record within the system. Further investigation revealed that these accounts were accessing records around the clock via remote access to the healthcare system’s network. Three remote access accounts appear to have been set up at least six months prior to the creation date of the first account in the EHR. Additionally, the accounts in the EHR were originally established as standard user accounts approximately two months ago and escalated to full access over the course of two weeks.System controls are verified to be in effect that limit access for each account to no more than 300 records per day. Over the course of the past two months it is estimated that more than 37,000 but no more than 50,000 records could have been accessed. Reports are being run to determine which patient accounts were accessed, but the reports will take more than two weeks to identify the record identification numbers and then take longer than 60 days to compile the usernames and addresses. An audit of other systems that contain sensitive information revealed no other unauthorized access.Audit files that would normally identify the creator of the accounts overwrite themselves after two weeks in the systems that provide remote access and the EHR. No one in senior management has any reason to suspect that it was an inside job, but based on the short duration for log retention there is no way to eliminate that possibility either.Task:Create a legal analysis by doing the following:A. Create three organizational policy statements that may have prevented the security breach.1. Justify each organizational policy statement based on a nationally or internationally recognized standard (e.g., ISO/IEC, NIST).B. When you use sources, include all in-text citations and references in APA format.Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing. It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly.

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.

Do you need an answer to this or any other questions?

About Writedemy

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order