Health care organizations , Lab questions help

Overview

In this lab, you identified known risks, threats, and vulnerabilities, and you organized them.

Finally, you mapped these risks to the domain that was impacted from a risk management

perspective.

Lab Assessment Questions & Answers

1. Health care organizations must strictly comply with the Health Insurance Portability and

Accountability Act (HIPAA) Privacy and Security rules that require organizations to have proper

security controls for handling personal information referred to as “protected health information,”

or PHI. This includes security controls for the IT infrastructure handling PHI. Which of the listed

risks, threats, or vulnerabilities can violate HIPAA privacy and security requirements? List one

and justify your answer in one or two sentences.

2. How many threats and vulnerabilities did you find that impacted risk in each of the seven

domains of a typical IT infrastructure?

3. Which domain(s) had the greatest number of risks, threats, and vulnerabilities?

4. What is the risk impact or risk factor (critical, major, and minor) that you would qualitatively

assign to the risks, threats, and vulnerabilities you identified for the LAN-to-WAN Domain for

the health care and HIPAA compliance scenario?

5. Of the three System/Application Domain risks, threats, and vulnerabilities identified, which one

requires a disaster recovery plan and business continuity plan to maintain continued operations

during a catastrophic outage?

6. Which domain represents the greatest risk and uncertainty to an organization?

7. Which domain requires stringent access controls and encryption for connectivity to corporate

resources from home?

8. Which domain requires annual security awareness training and employee background checks for

sensitive positions to help mitigate risks from employee sabotage?

9. Which domains need software vulnerability assessments to mitigate risk from software

vulnerabilities?

10. Which domain requires acceptable use policies (AUPs) to minimize unnecessary user-initiated

Internet traffic and can be monitored and controlled by Web content filters?

11. In which domain do you implement Web content filters?

12. If you implement a Wireless LAN (WLAN) to support connectivity for laptops in the

Workstation Domain, which domain does WLAN fall within?

13. Under the Gramm-Leach-Bliley-Act (GLBA), banks must protect customer privacy. A given

bank has just implemented its online banking solution that allows customers to access them

accounts and perform transactions via their computers or personal digital assistant (PDA) devices.

Online banking servers and their public Internet hosting would fall within which domains of

security responsibility?

14. True or false: Customers who conduct online banking on their laptops or personal computers

must use Hypertext Transfer Protocol Secure (HTTPS), the secure and encrypted version of

Hypertext Transfer Protocol (HTTP) browser communications. HTTPS encrypts Web page data

inputs and data through the public Internet and decrypts that Web page and data on the user’s PC

or device.

15. Explain how a layered security strategy throughout the seven domains of a typical IT

infrastructure can help mitigate risk exposure for loss of privacy data or confidential data from

the System/Application Domain.

Use this website

file:///C:/Users/Jamie/Downloads/Lab01_SLMx_Risk20%20(13).pdf

Part 2

In this lab, you defined COBIT P09, you described COBIT P09’s six control objectives, you

explained how the threats and vulnerabilities align to the definition for the assessment and

management of risks, and you used COBIT P09 to determine the scope of risk management for

an IT infrastructure.

Lab Assessment Questions & Answers

1. What is COBIT P09’s purpose?

2. Name three of COBIT’s six control objectives.

3. For each of the threats and vulnerabilities from the Identifying Threats and Vulnerabilities in an

IT Infrastructure lab in this lab manual (list at least three and no more than five) that you have

remediated, what must you assess as part of your overall COBIT P09 risk management approach

for your IT infrastructure?

4. True or false: COBIT P09 risk management control objectives focus on assessment and

management of IT risk.

5. What is the name of the organization that defined the COBIT P09 Risk Management Framework?

ISACA is the name of the organization that defined the COBIT

6. Describe three of the COBIT P09 control objectives.

7. Describe three of the COBIT P09.1 IT Risk Management Framework control objectives.

Use this website

file:///C:/Users/Jamie/Downloads/Lab02_SLMx_Risk20.pdf

"Is this question part of your assignment? We can help"

ORDER NOW