RISK ASSESSMENT PROJECT
By Robin Beckwith, Lisa Neuttila & Kathy Cotterman
R.L.K. Enterprises Medical Records Storage Company
The Risk Management Policy has been created to:
• Assist in safeguarding the company's assets: people, data, property and reputation
• Protect RLK Enterprises from those risks of significant likelihood and consequence in the pursuit of the company's stated strategic goals and objectives
• Provide a consistent risk management framework in which the risks concerning business processes and functions of the company will be identified, considered and addressed in key approval, review and control processes
• Provide assistance to and improve the quality of decision making throughout the company
• Meet legal or statutory requirements
• Encourage proactive rather than reactive management
Risk Management Policy
The RLK Enterprises Security Team is developing a risk management framework for key controls and approval processes of all major business processes and functions of the company.
• The aim of risk management is not to eliminate risk totally, but rather to provide the structural means to identify, prioritize, and manage the risks involved in all RLK Enterprises activities.
• It requires a balance between the cost of managing and treating risks and the anticipated benefits that will be derived.
Risk Management Policy
Risk management is an essential element in the framework of good corporate governance and is an integral part of good management practice. The intent is to embed risk management in a very practical way into business processes and functions via key approval processes, review processes and controls, not to impose risk management as an extra requirement.
Risk Management Policy
RLK Enterprises is an electronic medical records storage company and is subject to the HIPAA Security Rule.
• The National Institute of Standards and Technology (NIST) has created structure, guidelines and procedures that Federal Agencies are required to follow when dealing with electronic health information.
• We have decided to adopt most, if not all, of its recommended Risk Assessment Framework, with some scoping and customizing to the specific needs of RLK Enterprises.
Everyone at RLK has a role in the effective management of risk. All personnel should actively participate in identifying potential risks in their area and contribute to the implementation of appropriate treatment actions.
Identification and Categorization of Information Types in the RLK System
We have identified the information types and assigned each a category number on a scale of 1 to 5 according to the magnitude of harm that would result if the system suffered a compromise of Confidentiality, Integrity, or Availability. NIST SP 800-60 provides a catalog of information types, and FIPS-199 provides a rating methodology and a definition of the three criteria. The overall FIPS-199 system categorization is the high water mark: the highest impact rating across all three criteria of all information types resident in the system.
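The high-water-mark rule above, worked through as an added example that is not part of the deck: the inventory, its information type names and their 1-to-5 ratings are constructed sample data, not RLK's actual categorization. Beyond the single overall number, it reports which information type sets each criterion's mark, which is the detail a scoping decision needs.

```python
from dataclasses import dataclass

# Impact scale used in the deck: 1 (least harm) to 5 (most harm), per criterion.
MIN_RATING, MAX_RATING = 1, 5
CRITERIA = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class InfoType:
    """One information type resident in the system and its three impact ratings."""
    name: str
    confidentiality: int
    integrity: int
    availability: int

    def rating(self, criterion: str) -> int:
        return getattr(self, criterion)


def validate(info_types: list) -> None:
    """Refuse to categorize an empty inventory or a rating that is off the scale."""
    if not info_types:
        raise ValueError("a system must carry at least one information type")
    for t in info_types:
        for c in CRITERIA:
            r = t.rating(c)
            if not isinstance(r, int) or not MIN_RATING <= r <= MAX_RATING:
                raise ValueError(f"{t.name}: {c} rating {r!r} is outside {MIN_RATING}..{MAX_RATING}")


def categorize(info_types: list) -> dict:
    """High-water-mark rule on the deck's 1..5 scale.
    Per criterion: the highest rating of any information type, plus the type(s)
    that set it. Overall: the highest per-criterion mark. The drivers matter for
    scoping: the category only drops if the driving type leaves the system.
    """
    validate(info_types)
    per_criterion = {}
    for c in CRITERIA:
        mark = max(t.rating(c) for t in info_types)
        drivers = sorted(t.name for t in info_types if t.rating(c) == mark)
        per_criterion[c] = {"mark": mark, "drivers": drivers}
    return {"per_criterion": per_criterion,
            "overall": max(v["mark"] for v in per_criterion.values())}


# Constructed sample inventory for a medical records storage system (not RLK's data).
SAMPLE_INVENTORY = [
    InfoType("patient health records", confidentiality=5, integrity=5, availability=4),
    InfoType("billing and claims data", confidentiality=4, integrity=4, availability=3),
    InfoType("public web content", confidentiality=1, integrity=3, availability=2),
]
```

`categorize(SAMPLE_INVENTORY)` rates the whole system 5, driven on every criterion by the patient health records; a category this high tells you the other two types inherit controls sized for the records unless they are moved to a separately categorized system.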
Sources:
• searchSecurityTechtarget.com article by Shon Harris
• NIST SP 800-37
• NIST SP 800-60
• NIST SP 800-66
• NIST SP 800-53
• NIST SP 800-53A
• FIPS PUB 199
• FIPS PUB 200