For an organization to successfully enforce its security program, it must take risk analysis and risk management into consideration. A risk analysis will identify potential threats and vulnerabilities of the systems and any existing related risks. Applying threat modeling to analyze the security of an application by identifying, quantifying, rating, and addressing the threats is crucial for the organization to prevent and mitigate any threats. Since risk is calculated by multiplying the threat by the vulnerability, the higher the threat, the higher the risk an organization may have to suffer. If the threat is zero, the risk is zero. It is important to rate the threat and risks from the lowest to the highest so we can address and fix the ones
…show more content…
Risk management can be done by: (1) developing and implementing a risk management plan, (2) implementing security measures, and (3) evaluating and maintaining security measures (CMS, 2007). Risk analysis and risk management are ongoing processes; therefore, constant re-evaluation and monitoring are required to mitigate the …show more content…
This assessment draws attention not only the vulnerabilities that are present within the current system, but also offers solutions in order for the application to implement a defense in depth technological infrastructure regarding the new additions to the access control and authentication factors of the application database. iTrust at the moment is infected with bugs and access control issues that consequently compromise the PII of not only the employees that use the system for organizational purposes, but also patients whose sensitive information is installed within a database. Before the new requirements of application are implemented, it is recommended that the database application goes through a temporary disconnect of network traffic and access in order to close or mitigate common bugs that are present in the system. iTrust would also benefit from the implementation of an intrusion detection system in order to acknowledge, analyze and prevent anomalies or malicious network traffic. For the login information of the website, it is recommended that employees and patients that are responsible for PII be required to implement multi-factor authentication to allow for the iTrust application to successfully authorize the appropriate users to access sensitive medical
Risk management can be done by: (1) developing and implementing a risk management plan, (2) implementing security measures, and (3) evaluating and maintaining security measures (CMS, 2007). Risk analysis and risk management are ongoing processes; therefore, constant re-evaluation and monitoring are required to mitigate the …show more content…
This assessment draws attention not only the vulnerabilities that are present within the current system, but also offers solutions in order for the application to implement a defense in depth technological infrastructure regarding the new additions to the access control and authentication factors of the application database. iTrust at the moment is infected with bugs and access control issues that consequently compromise the PII of not only the employees that use the system for organizational purposes, but also patients whose sensitive information is installed within a database. Before the new requirements of application are implemented, it is recommended that the database application goes through a temporary disconnect of network traffic and access in order to close or mitigate common bugs that are present in the system. iTrust would also benefit from the implementation of an intrusion detection system in order to acknowledge, analyze and prevent anomalies or malicious network traffic. For the login information of the website, it is recommended that employees and patients that are responsible for PII be required to implement multi-factor authentication to allow for the iTrust application to successfully authorize the appropriate users to access sensitive medical