


Due to policy changes, personnel changes, systems changes, and audits, it is often necessary to review and revise information security policies. Information security professionals are responsible for ensuring that policies are in line with current information security laws and regulations.



A.  Develop new policy statements for the following sections of the attached “Heart-Healthy Insurance Information Security Policy”:

1. New Users

2. Password Requirements


B.  Justify your modifications in parts A1 and A2 based on U.S. federal regulatory requirements.


C.  If you use sources, include all in-text citations and references in APA format.




As an information security professional, you are responsible for ensuring preventive information security controls are in place. Such controls include implementing organizational and security policies, processes, and other forms of preventive security measures.


During a routine audit of an electronic health record (EHR) system, a major healthcare provider discovered three undocumented accounts that appear to have access to the entire clinical and financial health record within the system. Further investigation revealed that these accounts were accessing records around the clock via remote access to the healthcare system’s network. Three remote access accounts appear to have been set up at least six months prior to the creation date of the first account in the EHR. Additionally, the accounts in the EHR were originally established as standard user accounts approximately two months ago and escalated to full access over the course of two weeks.

System controls are verified to be in effect that limit access for each account to no more than 300 records per day. Over the course of the past two months it is estimated that more than 37,000 but no more than 50,000 records could have been accessed. Reports are being run to determine which patient accounts were accessed, but the reports will take more than two weeks to identify the record identification numbers and then take longer than 60 days to compile the usernames and addresses.

An audit of other systems that contain sensitive information revealed no other unauthorized access. Audit files that would normally identify the creator of the accounts overwrite themselves after two weeks in the systems that provide remote access and the EHR. No one in senior management has any reason to suspect that it was an inside job, but based on the short duration for log retention there is no way to eliminate that possibility either.


Create a legal analysis by doing the following:


A.  Create three organizational policy statements that may have prevented the security breach.

1.  Justify each organizational policy statement based on a nationally or internationally recognized standard (e.g., ISO/IEC, NIST).


B.  If you use sources, include all in-text citations and references in APA format.




For this task you will respond to a hypothetical business arrangement where you have been asked to review an initial draft of a service level agreement (SLA) between your company, Finman Account Management, and two other companies, Datanal and Minertek. Based on your recommendations for modifications, Finman will propose a final agreement.



A.  Recommend changes (i.e., modifications, insertions, or deletions) to the attached “Service Level Agreement” to better protect Finman’s data and intellectual property.

1.  Justify how your recommendations will limit use, sharing, retention, and destruction of Finman’s corporate data by Datanal and Minertek.

2.  Justify how your recommendations will assure that Finman’s property, patents, copyrights, and other proprietary rights are protected.


B.  If you use sources, include all in-text citations and references in APA format.




The first place to start when developing a comprehensive security assurance program is to conduct an honest and thorough analysis of an organization’s vulnerabilities and potential threats. When vulnerabilities can be exploited by known or unknown threats, it puts that organization at risk.
Once risks are identified, an organization must evaluate the likelihood of each risk and understand the impact that each risk has on the organization. Based on this impact analysis, there must be clear standards for deciding which risks are critical to address and which risks do not pose a significant threat to the organization. For risks that are deemed critical, procedures must be put in place to raise the level of protection, to reduce the likelihood of the threat occurring, or to lower the impact of the specific risk.
The impact thresholds (the point where a risk is deemed as critical) are often subjective and vary across different types of threats, organizations, and cultures, but some thresholds are established as industry or government standards.

A complete risk analysis includes the identification of all threats and vulnerabilities and an impact analysis that examines the associated risks based on their impact on the organization. Once these analysis activities are completed, you can categorize the risks based on a treatment threshold and recommend appropriate controls (procedures, processes, or rules) that should be implemented in order to eliminate the risks or reduce them to acceptable levels.

Use the following scenario to complete this task:

A contractor builds portable radar satellite communication systems for the military. The portable radar systems are used in battlefield areas to communicate sensitive, strategic information related to battle plans. The radar systems must communicate within the global military network. The military requires that the contractor conduct a security risk analysis of their internal networks and information systems for intrusion detection and cybercrime prevention.

You are asked to lead the project team responsible for conducting the risk analysis. You are also responsible for producing the analysis documents. Although your company has security systems in place, this will be the first time you’ve undertaken a formal security and risk audit, so be thorough in defining terms and in explaining all the concepts and procedures that you will be applying.



Write an essay (suggested length of 8–10 pages) in which you:


A.  Use at least one outside source for each of the following six areas to create a risk analysis and cybercrime prevention plan.


Note: Each area should be written in the context of the given scenario.

Note: Sources must be from within the last five years.


1.  Evaluate the following terms in relation to the risk analysis you have been assigned by the contractor.

•  Threats

•  Hazards

•  Vulnerabilities

•  Risks

•  Assets

2.  Explain the methodology used to conduct the risk analysis.

•  Define the steps you will take.

•  Identify the critical decisions made at each milestone.

3.  Evaluate the top five risks in this scenario using the qualitative risk analysis approach.

Note: If you have to make assumptions about certain aspects of the system, then clearly denote these assumptions in your report.


4.  Evaluate how any applicable federal legislation will help to minimize potential risks and help to prevent and detect cybercrime activities.

5.  Recommend acceptable and unacceptable risk standards that are consistent with specified federal legislation based on best practices for securing and preventing cybercrime within the organization in the scenario.

6.  Develop a cybercrime prevention strategy for the contractor.

•  Define the steps that should be taken in order to implement and maintain your strategy.


B.  If you use sources, include all in-text citations and references in APA format.

I am willing to pay 160.00 USD for this help. [negotiable]
This question is about Computer Science
due March 3 2013

posted: October 3 2012


Oct 17 2012 