Risk Analysis And Risk Management Essay

1541 Words Nov 20th, 2016 7 Pages
For an organization to successfully enforce its security program, it must take risk analysis and risk management into consideration. A risk analysis identifies potential threats to and vulnerabilities of the systems, along with any existing related risks. Threat modeling, which analyzes the security of an application by identifying, quantifying, rating, and addressing threats, is crucial for the organization to prevent and mitigate them. Because risk is calculated by multiplying the threat by the vulnerability, the higher the threat, the higher the risk the organization may have to suffer. If the threat is zero, the risk is zero. It is important to rate threats and risks from lowest to highest so that those with the highest risk can be addressed and fixed first to prevent damage.
Risk analysis can be done by: (1) identifying the scope of the analysis to ensure the confidentiality, availability, and integrity of electronic personal health records (EPHI), (2) gathering data, (3) identifying and documenting potential threats and vulnerabilities, (4) assessing current security measures to minimize the risks to EPHI, (5) determining the likelihood of threat occurrence, (6) determining the potential impact of threat occurrence, (7) determining the level of risk, and (8) identifying security measures and finalizing documentation (CMS, 2007). Risk management can be done by: (1) developing and implementing a risk management plan, (2) implementing security…
