NR543 Security Risk Assessment
The purpose of this NR543 Security Risk Assessment assignment is to:
- Understand and recognize threats to information and information-system security;
- Identify safeguards to protect information and information-system security; and
- Develop strategies to increase safeguards to protect information and information-system security.
Course Learning Outcomes
Through this assignment, you will address the following course learning outcomes:
- CO 2: Utilize critical inquiry and judgment to evaluate proposed solutions for information-workflow problems. (PO 4, 5)
Due Date: Sunday 11:59 p.m. MT at the end of Week 6.
Total Points Possible: 175 Points
In this assignment, you will evaluate the security of the information and technology systems at your workplace. You will do this by answering a series of questions and then identifying three threats that could harm the security of the facility. After identifying these threats, you will come up with recommendations that are based on evidence to protect against each one. Finally, you will share what you learned from completing the assignment.
- Provide a cover page.
- Use the template on the assignment page to answer the series of questions, followed by identification of three actual or potential threats at the associated setting. Please include evidence-based recommendations to address each threat. The student must include in-text citations and references for each threat.
- Present a conclusion that shares what you learned from completing the assignment.
- The paper should not exceed four pages excluding the cover page and references.
- The assignment must demonstrate graduate-level writing.
If you do not receive at least a proficient rating in any content category, you can re-submit your assignment with revision to that content category to improve the points earned within that specific section. Please note the following guidelines:
- After receiving your assignment grade, you have one opportunity to resubmit.
- In order to resubmit, your initial submission must have been a complete assignment. Rough drafts will not be graded or allowed for resubmission.
- Only content sections that did not receive at least a proficient rating with the first submission may be revised to earn a better score in that content category. APA format and writing style will not be re-graded.
- Points possible for revised and resubmitted work will not exceed the “proficient” rubric category (84%).
- Any revision must be submitted for re-evaluation within 7 days after the assignment grade is posted. For example, if your assignment grade is posted on Friday at 12 noon MT, you have until the following Friday at 12 noon MT to resubmit any content area that did not earn a proficient rating.
- Within 7 days from your resubmission, the class instructor will post your score for the resubmitted work.
Steps to follow for resubmission of a content section within an assignment that did not earn a proficient rating on the rubric:
- Contact your class instructor privately via email, phone, or Canvas private message to inform him/her that you plan to resubmit a content section of the assignment that did not receive a proficient rating on the rubric.
- Submit the assignment in its entirety (including the rewritten content section) within 7 days of the original assignment grade being posted.
NR543 Security Risk Assessment and Recommendations Template
|*The following seven questions were adapted from questions from the Security Risk Assessment (SRA) tool developed collaboratively by The Office of the National Coordinator for Health Information Technology (ONC) and HHS Office for Civil Rights (OCR).||YES||NO||Comments/Strengths/Weaknesses/Identify Responsible party|
|1. Do you know if your organization/clinic/practice has completed a security risk assessment (SRA) before?||YES||NO|
|2. Does your organization/clinic/practice have policies and procedures regarding risk assessment, risk management and information security activities?||YES||NO|
|3. Do you know who is responsible for developing/updating policies and procedures regarding risk assessment, risk management and information security activities?||YES||NO|
|4. Do you know who manages and controls personnel access to ePHI, systems, and facilities?||YES||NO|
|5. Do you know who manages access to and use of your facility information services or facilities [i.e., that house information systems and ePHI]?||YES||NO|
|6. Are you aware of whether you contract with business associates or other third-party vendors relative to any PHI?||YES||NO|
|7. Are you aware of your facility’s contingency plan in the event of an emergency?||YES||NO|
Please identify 3 actual or potential threats to information and information systems that you have SEEN at your facility (name the application if specific).
Provide YOUR evidence-backed recommendations to eliminate/mitigate these threats using no more than 500 words here (Be certain to also list your references).
In conclusion, what did you learn while doing this assignment?
|Completion of SRA Questions||40||23%||Provides an answer to each question as well as additional information on strengths/weaknesses noted for each area and responsible party (if identified).|
|Identification of Three Security threats||40||23%||Provides detailed information on the information system threats identified|
|Evidence-based Recommendations||40||23%||Provides evidence-based recommendations to resolve each threat identified.|
|Conclusion||40||23%||In this section you will:|
|Graduate-Level Writing Style||15||8%||For full credit in this section, the following criteria must be met:|
|Total||175||100%||A quality assignment will meet or exceed the above requirements.|
|SRA||40 Points||37 Points||34 Points||0 Points|
|All SRA questions are answered with additional comments/information provided for each.||All SRA questions are answered with most having additional comments/information provided.||SRA questions are answered with minimal additional information or comments.||SRA questions are not addressed.|
|Identification of Three Security Threats||40 Points||37 Points||34 Points||0 Points|
|Provides detailed information on three actual or potential information security threats in the context of specific setting.||Provides information on three actual or potential information security threats in the context of specific setting.||Identified three threats although missing some clarity on whether they are actual or potential.||No threats identified or threats specific to setting.|
|Evidence-based Recommendations||40 Points||37 Points||34 Points||0 Points|
|Evidence-based recommendations provided for each threat and discussed in detail.||Evidence-based recommendations provided for each threat but with limited discussion.||Evidence-based recommendations provided but may not be specific for each threat or evidence is of poor quality.||No recommendations provided or recommendations lack evidence.|
|Conclusion||40 Points||37 Points||34 Points||0 Points|
|Concluding statements clearly include the writer’s unique insights about security threat assessment.||Concluding statements present but lack clear presentation of the writer’s unique insights gained from completing this assignment.||Conclusion partially addresses security threat assessment or writer’s insights.||Conclusion is present but does not address either security threat assessment or writer’s insights. No conclusion is present.|
|Graduate-Level Writing Style||15 Points||13 Points||12 Points||0 Points|
|No grammar, spelling, punctuation, reference, citation, or APA errors||1 total grammar, spelling, punctuation, reference, citation, or APA error||2 total grammar, spelling, punctuation, reference, citation, or APA errors||3 or more total grammar, spelling, punctuation, reference, citation, or APA errors|
|Total Points||_____ of 175 points|