Information Asset Security Plan
HealthNow, LLC is a medical group in your town with three offices: a main office and two satellite offices. Each office has three doctors: a family medicine doctor, an internal medicine doctor, and a pediatrician. Each of the two satellite offices has four nurses and one receptionist. The main office has five nurses, one receptionist, and two appointment schedulers who book appointments based on doctors’ availability and the patient’s address.
There are also two employees in the finance department at the main office. The main office has ten laptop computers, six desktop computers, and three printers. It also has a rack of servers and enough capacity to store the data of all three offices. Each of the two satellite offices has seven laptop computers, four desktop computers, and two printers. Physicians are provided smartphones for after-hours services with the capability to connect to the servers and review patients’ data.
While HealthNow, LLC has no information security staff, it must have a plan to ensure the security of its information assets. In order to meet this goal, your team has been hired as security consultants. Develop a report to include the following information:
A description of the potential external and internal security threats at HealthNow, LLC.
The business and compliance elements that must be secured.
The roles and responsibilities of each employee in order to have a successful security program.
A security risk assessment (sample can be found at https://www.xervant.com/docs/Security%20Assessment%20Report%20Sample.pdf)
A description of the comprehensive approach that HealthNow, LLC should implement in order to protect sensitive information assets from various forms of evolving threats, including the access controls that should be implemented to prevent data breaches and a recommendation for how network access should be monitored.
A supply chain security policy that must be followed by HealthNow, LLC vendors.
A network diagram based on your understanding of the HealthNow, LLC network.
The regulations you think HealthNow, LLC would be subject to with an explanation of your reasoning and the process that should be used to ensure compliance.
A discussion of the legal issues the organization exposes itself to should it not abide by the regulations.
A discussion of the security metrics program that HealthNow, LLC should establish and your rationale.