Evaluate the sites prior to purchase from a risk and compliance standpoint.

  1. Team Details
  • Document your roles in the organization (e.g., CIO, CISO, Architect, etc.)
  • Develop job descriptions for each role, include a salary range

2. Information Security Policy

  • Select a best practice framework, review the control family recommendations and document a policy for the existing organization with the expectation that the new sites will follow the policy. Note: Still follow APA for this assignment, which may not be appropriate in an organization.

3. Testing Methodology Policy and Procedure

  • Research and document preferred testing methodologies for:
    EMR, Mobile Apps, Patient Care devices, External websites, SDLC (hint: vulnerability scanning, penetration testing, medical device scanning, static code analysis, dynamic code analysis, etc.).
  • Research and document preferred remediation cycles for the in scope systems (hint: HIPAA, PCI, FERPA)
  • Research and document preferred reporting cycles / methods for the in scope systems (hint: vulnerability metrics, such as CVSS, NVD). Note: Still follow APA for this assignment, which may not be appropriate in an organization.

4. Network Diagram

  • Develop a proposed network diagram for after the purchase to aid in security and administration (reference required security controls in your policy) (You can use PowerPoint if you don’t have Vizio or another option).

5. Physical Security Assessment Procedure

  • Develop a physical security assessment plan for the new entity (reference this in your policy). Note: This can be a checklist.

6. Project Plan

  • Include timelines, expected level of efforts, RACI model, remediation expectations (if you decide to also use third party resources, you’ll need to estimate those costs since you have already created your own hourly rate).

7. Risk Acceptance / Risk Tolerance Procedure

  • Develop a method for leadership to receive risk details and determine appropriate risk actions.

8. Final Presentation

  • Summarize items 1 – 7 to present to the class