NR543 Security Risk Assessment

 

The purpose of this NR543 Security Risk Assessment assignment is to:

• Understand and recognize threats to information and information-system security;
• Identify safeguards to protect information and information-system security; and
• Develop strategies to increase safeguards to protect information and information-system security.

 

Course Learning Outcomes

Through this assignment, you will address the following course learning outcomes:

• CO 2: Utilize critical inquiry and judgment to evaluate proposed solutions for information-workflow problems. (PO 4, 5)

 

Due Date: Sunday 11:59 p.m. MT at the end of Week 6.

Total Points Possible: 175 Points

 

Assignment Overview

In this assignment, you will evaluate the security of the information and technology systems at your workplace. You will do this by answering a series of questions and then identifying three threats that could harm the security of the facility. After identifying these threats, you will come up with recommendations that are based on evidence to protect against each one. Finally, you will share what you learned from completing the assignment.

 

Assignment Instructions

1. Provide a cover page.
2. Use the template on the assignment page to answer the series of questions, followed by identification of three actual or potential threats at the associated setting. Please include evidence-based recommendations to address each threat. The student must include in-text citations and references for each threat.
3. Present a conclusion that shares what you learned from completing the assignment.
4. The paper should not exceed four pages excluding the cover page and references.
5. The assignment must demonstrate graduate-level writing.

 

Revision Process

If you do not receive at least a proficient rating in any content category, you can re-submit your assignment with revision to that content category to improve the points earned within that specific section.  Please note the following guidelines:

• After receiving your assignment grade, you have one opportunity to resubmit.
• In order to resubmit, your initial submission must have been a complete assignment. Rough drafts will not be graded or allowed for resubmission.
• Only content sections that did not receive at least a proficient rating with the first submission may be revised to earn a better score in that content category. APA format and writing style will not be re-graded.
• Points possible for revised and resubmitted work will not exceed the “proficient” rubric category (84%).
• Any revision must be submitted for re-evaluation within 7 days after the assignment grade is posted. For example, if your assignment grade is posted on Friday at 12 noon MT, you have until the following Friday at 12 noon MT to resubmit any content area that did not earn a proficient rating.
• Within 7 days from your resubmission, the class instructor will post your score for the resubmitted work.

Steps to follow for resubmission of a content section within an assignment that did not earn a proficient rating on the rubric:

• Contact your class instructor privately via email, phone, or Canvas private message to inform him/her that you plan to resubmit a content section of the assignment that did not receive a proficient rating on the rubric.
• Submit the assignment in its entirety (including the rewritten content section) within 7 days of the original assignment grade being posted.

 

NR543 Security Risk Assessment and Recommendations Template

*The following seven questions were adapted from questions from the Security Risk Assessment (SRA) tool developed collaboratively by The Office of the National Coordinator for Health Information Technology (ONC) and HHS Office for Civil Rights (OCR).	YES	NO	Comments/Strengths/Weaknesses/Identify Responsible party
1.       Do you know if your organization/clinic/practice has completed a security risk assessment (SRA) before?	YES	NO
2.       Does your organization/clinic/practice have policies and procedures regarding risk assessment, risk management and information security activities?	YES	NO
3.       Do you know who is responsible for developing/updating policies and procedures regarding risk assessment, risk management and information security activities?	YES	NO
4.       Do you know who manages and controls personnel access to ePHI, systems, and facilities?	YES	NO
5.       Do you know who manages access to and use of your facility information services or facilities [i.e., that house information systems and ePHI]?	YES	NO
6.       Are you aware of whether you contract with business associates or other third-party vendors relative to any PHI?	YES	NO
7.       Are you aware of your facility’s contingency plan in the event of an emergency?	YES	NO

 

Please identify 3 actual or potential threats to information and information systems that you have SEEN at your facility (name the application if specific).

#1)

#2)

#3)

 

 

Provide YOUR evidence-backed recommendations to eliminate/mitigate these threats using no more than 500 words here (Be certain to also list your references).

 

 

In conclusion what did you learn while doing this assignment?

 

Assignment Criteria

 

Assessment Criteria	Points	%	Description
Completion of SRA Questions	40	23%	Provides an answer to each question as well as additional information on strengths/weaknesses noted for each area and responsible party (if identified).
Identification of Three Security threats	40	23%	Provides detailed information on the information system threats identified
Evidence-based Recommendations	40	23%	Provides evidence-based recommendations to resolve each threat identified.
Conclusion	40	23%	In this section you will: Identify what you learned from doing the assignment.
Graduate-Level Writing Style	15	8%	For full credit in this section, the following criteria must be met: Correct use of spelling, grammar, punctuation, sentence, and paragraph structure Clarity, organization, and logical flow of ideas within writing Ideas and information from other sources are cited and are cited correctly (zero to three errors) The paper (excluding the title page and reference page) does not exceed four pages. Required texts are used as references in addition to evidence-based, scholarly sources no older than three years.
Total	175	100%	A quality assignment will meet or exceed the above requirements.

Grading Rubric

Assessment Criteria	Distinguished   (100%)	Exceeds   (92%)	Proficient   (84%)	Needs Improvement   (0%)
SRA	40 Points	37 Points	34 Points	0 Points
	All SRA questions are answered with additional comments/information provided for each.	All SRA questions are answered with most having additional comments/information provided.	SRA questions are answered with minimal additional information or comments.	SRA questions are not addressed.
Identification of Three Security Threats	40 Points	37 Points	34 Points	0 Points
	Provides detailed information on three actual or potential information security threats in the context of specific setting.	Provides information on three actual or potential information security threats in the context of specific setting.	Identified three threats although missing some clarity on whether they are actual or potential.	No threats identified or threats specific to setting.
Evidence-based Recommendations	40 Points	37 Points	34 Points	0 Points
	Evidence-based recommendations provided for each threat and discussed in detail.	Evidence-based recommendations provided for each threat but with limited discussion.	Evidence-based recommendations provided but may not be specific for each threat or evidence is of poor quality.	No recommendations provided or recommendations lack evidence.
Conclusion	40 Points	37 Points	34 Points	0 Points
	Concluding statements clearly include the writer’s unique insights about security threat assessment.	Concluding statements present but lack clear presentation of the writer’s unique insights gained from completing this assignment.	Conclusion partially addresses security threat assessment or writer’s insights.	Conclusion is present but does not address either security threat assessment or writer’s insights. OR No conclusion is present.
Graduate-Level Writing Style	15 Points	13 Points	12 Points	0 Points
	No grammar, spelling, punctuation, reference, citation, or APA errors	1 total grammar, spelling, punctuation, reference, citation, or APA error	2 total grammar, spelling, punctuation, reference, citation, or APA errors	3 or more total grammar, spelling, punctuation, reference, citation, or APA errors

 

Total Points

_____of 175 points