Info Security & Risk Management


• Write paper in sections

• Understand the company

• Find similar situations

• Research and apply possible solutions

• Research and find other issues


• You are an Information Technology (IT) intern

• Health Network Inc. 

• Headquartered in Minneapolis, Minnesota

• Two other locations

• Portland Oregon

• Arlington Virginia

• Over 600 employees

• $500 million USD annual revenue

DATA Centers

• Each location is near a data center

• Managed by a third-party vendor

• Production centers located at the data centers

Health network’s Three products

• HNetExchange

• Handles secure electronic medical messages between 

• Large customers such as hospitals and 

• Small customers such as clinics

• HNetPay

• Web Portal to support secure payments

• Accepts various payment methods

• HNetConnect

• Allows customers to find Doctors

• Contains profiles of doctors, clinics and patients

Health networks IT network

• Three corporate data centers

• Over 1000 data severs

• 650 corporate laptops

• Other mobile devices

Management request

• Current risk assessment outdated

• Your assignment is to create a new one

• Additional threats may be found during re-evaluation

• No budget has been set on the project

Threats identified

• Loss of company data due to hardware being removed from production systems

• Loss of company information on lost or stolen company-owned assets, such as mobile devices and laptops

• Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on

• Internet threats due to company products being accessible on the Internet

• Insider threats

• Changes in regulatory landscape that may impact operations 

Part 1 project assignment

• Conduct a risk assessment based on the information from this presentation

• Write a 5-page paper properly APA formatted

Your paper should include

The Scope of the risk assessment i.e. assets, people, processes, and technologies

Tools used to conduct the risk assessment

Risk assessment findings

Business Impact Analysis