
The purpose of this assignment is to create an information security risk assessment report for an organization.

Using the company selected for the Topics 5-7 assignments, write a security risk assessment report. Use the outline presented in Chapter 7 of Information Security Risk Assessment Toolkit: Practical Assessments Through Data Collection and Data Analysis, including the sections outlined below. Use information from the Topic 4-7 assignments to create the report.

Executive Summary

Methodology

Organizational Assessment

System Specific Assessment

Results

Organizational Risk Analysis, including review of emerging threats and trends, third-party assessments, and security metrics.

System Specific Analysis, including system characterization, threat identification, vulnerability identification, impact analysis, control analysis, likelihood determination, risk determination, control recommendations, and results documentation.

Risk Register

Conclusion

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion. 

You are required to submit this assignment to LopesWrite. A link to the LopesWrite technical support articles is located in Course Materials if you need assistance. 

Framework and Compliance

Compliance and regulatory frameworks are sets of guidelines and best practices. Organizations follow these guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives. In this benchmark, which aims to bridge the gap between frameworks and compliance, we focus on Cigna Corp, a medical-based company. Managed care services are among the significant services the company offers. Additionally, the company provides clinical, life, and insurance products (Berg, Kölbel and Rigobon, 2019). The company has more than 150 million clients spread across more than 25 nations around the world. With this customer base, the company is able to draw on a notable body of knowledge about whole-person wellbeing, leading to better health outcomes.

Cigna's objective is for all business staff to practice compliance daily while representing the organization. Since it is a medical-based company, the company applies HIPAA regulations. These rules ensure the privacy, security, and accessibility of all e-PHI the company creates, receives, stores, or sends. They also identify and guard against reasonably anticipated threats to the data's security or integrity. HIPAA standards also protect against reasonably anticipated prohibited uses or disclosures. HIPAA regulations must be followed at all times (Wu, Spafford and Zeni, no date). They ensure that individuals' health information is appropriately protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public's health and wellbeing.

It is common practice in most health care facilities, such as hospitals, to maintain patient contact information. A covered health care provider may rely on an individual's informal permission to list in its facility directory the patient's name, general condition, religious affiliation, and location in the provider's facility (Wu, Spafford and Zeni, no date). A covered entity is any health care provider, regardless of size, that electronically transmits health information in connection with certain transactions. A major purpose is to define and limit the circumstances in which an individual's protected health information may be used or disclosed by covered entities.

With a security control framework such as NIST, Cigna Corp can protect patients' data from access by unauthorized individuals. Since the NIST framework is a set of guidelines and best practices that aims to help organizations build and improve their cybersecurity posture, the framework's functions (identify, protect, detect, respond, and recover) can be applied to critical patient information (Almuhammadi and Alsaleh, 2017). These functions help the medical-based company manage cybersecurity risk by organizing information, enabling risk management decisions, addressing threats, and learning from past activities.

NIST provides guidelines on recommended security controls for information systems at government organizations, such as Cigna Corp Company. NIST publications, many of which are required for federal agencies, for instance, within Cigna Corp Company, can serve as voluntary guidelines and best practices for state, local, and tribal governments and the private sector. The NIST framework may provide sufficient depth and breadth to help organizations of many sizes (such as Cigna Corp Company) select the type of implementation that best fits their unique circumstances (Almuhammadi and Alsaleh, 2017). NIST security standards and guidelines can support the requirements of HIPAA regulations since organizations can use them to provide a structured yet flexible framework for selecting, specifying, employing, and evaluating the security controls in information systems.


References

Almuhammadi, S. and Alsaleh, M. (2017) ‘Information Security Maturity Model for Nist Cyber Security Framework’, pp. 51–62. doi: 10.5121/csit.2017.70305.

Berg, F., Kölbel, J. and Rigobon, R. (2019) ‘Aggregate Confusion: The Divergence of ESG Ratings’, SSRN Electronic Journal. doi: 10.2139/ssrn.3438533.

Wu, R., Spafford, E. H. and Zeni, N. (no date) ‘Towards HIPAA-compliant healthcare systems’.


Running head: Risk management Program

Risk Management Program

Student's name

Institutional Affiliation

Course Number and Name

Instructor name

Due Date

Introduction

Information and data are crucial to Cigna's activities. The company is committed to safeguarding its customers' right to security and to valuing the confidence they place in it. The organization's broad security policies and standards are the bedrock of Cigna's cybersecurity program. CIP has adjusted Cigna's cybersecurity program. Cigna Corp Company collects and uses sensitive personal data about its clients' health and wellbeing to support them worldwide. The company has a thorough security program to protect and responsibly use its clients' data. The company's security compliance program is intended to ensure that adequate policies, training, reporting mechanisms, incident management processes, and preventive measures are in place to protect personal data from harm caused by improper collection, use, sharing, or protection.

Because it is a medical-based organization, HIPAA laws are among the regulatory compliance and control requirements it must conform to. These guidelines ensure that all e-PHI the company creates, receives, keeps, or communicates is kept private, secure, and accessible. They also identify and protect against threats to the data's security or integrity that are reasonably foreseeable. The HIPAA rules also safeguard against reasonably anticipated prohibited uses or disclosures. HIPAA laws must be followed (Wu, Spafford and Zeni, no date). They ensure that individuals' health information is securely protected while also allowing the flow of health information required to provide and promote high-quality care and to protect the overall wellbeing of the population.

Risk Management Framework

Cigna Corporation is committed to maintaining a globally recognized security and data assurance program that adheres to internationally established procedures and regulations, such as the National Institute of Standards and Technology's Cybersecurity Framework (NIST800-37). The company's risk management framework includes the following steps. The first is categorization of the company's information systems, which specifies the type of system that should be included. The selection of security controls is the next step. Suitable security controls are chosen from NIST publication 800-37 to provide a more consistent, comparable, and repeatable approach to selecting and configuring security controls for Cigna Corp Company systems (NIST, 2017).

The next stage is to put security controls in place. All processes and procedures are documented at this stage. Another step is to evaluate security controls. Here the company ensures that all of the chosen security controls are implemented. The following phase is information authorization, in which the organization ensures that all security safeguards are functioning properly, with the aim of minimizing risks. Finally, security control efficacy and efficiency are monitored.

When deciding on and implementing design and framework upgrades, the company considers that each component that can be modified should be reified so that it can be updated. This is the case, for example, with the four aforementioned critical structural components. As a result, they are regarded as first-class elements. The following steps apply to engineering and framework updates. The organization begins by clearly understanding its requirements. Once it has a sound understanding of its objectives, the next stage considers every component covered by the design and framework updates (NIST, 2018). The engineering and framework are then divided into several segments that can be easily examined and modified. The construction of a model comes next, followed by identification and evaluation of non-functional requirements.

Risk Management Program

The integration of TVM and SRR into the NIST800-3 system at TVM allows Cigna Corp Company to continuously identify, assess, classify, remediate, and mitigate security flaws and to fully understand the underlying root cause analysis in order to address expected flaws in the strategy process. Furthermore, SRR ensures that the engineer knows the framework requirements and is ready to proceed with the initial framework design. This review aims to determine whether the framework requirements are captured in the framework implementation specification.

The NIST800-37 framework's life cycle begins with the program's creation, progresses to system enhancement, and ends with program support. Each of the four phases involves a set of security tasks, such as vulnerability management, risk rating/prioritization, security risk evaluation, and architecture change audits, which are required to properly integrate security into the system development process.

Conclusion

With cyber threats rapidly evolving and data volumes skyrocketing, many firms, like Cigna, are seeking to ensure a high level of security. Implementing a solid cybersecurity framework (CSF) can help you secure your company. Adopting the NIST800-37 framework is one of Cigna's most impressive steps to ensure acceptable security within the company.

The NIST800-37 framework has the following merits for Cigna Corp. The organization can better understand current security threats using this methodology. The framework has also helped the firm communicate effectively with all partners, including IT, business, and leadership teams. In addition, the NIST framework has given the business the ability to evaluate potential tools and processes and identify mitigating methods.

References

Wu, R., Spafford, E. H. and Zeni, N. (no date) ‘Towards HIPAA-compliant healthcare systems’.

National Institute of Standards and Technology. (2017). Risk management framework for information systems and organizations: NIST SP 800-37 revision 2.

National Institute of Standards and Technology. (2018). undefined. Createspace Independent Publishing Platform.
