Risk Assessment Report of the essay



Functional description

The Public Health Informatics and Technology Program's IT system was developed by the Office of Surveillance, Epidemiology, and Laboratory Services (OSELS). The CDC division responsible for its deployment and maintenance is the Division of Informatics Research and Development (DIRD), whose role is to advance the frontiers of public health informatics by means of appropriate research and development. DIRD is to collaborate with the other members of the CDC programs in order to come up with various innovative technologies to be utilized in positively impacting health practices on both a short-term and long-term basis (CDC, 2010).

The Public Health Informatics and Technology Program relies on various technologies in achieving its objectives. The underlying characteristic of these technologies is that they are client/server in architecture and are meant to aid in the handling of various forms of information within the CDC as well as externally between the CDC and its partners.

System users

The major users of the Public Health Informatics and Technology Program's IT system are the various CDC personnel scattered across its global offices. However, other stakeholders also have access to the system. The table below lists the system users together with their details and responsibilities.

Table 1: Public Health Informatics and Technology Program's IT system users

| User Category | Access Level (Read / Write / Full) | Number (Approximate) | Organization | Geographic Location |
|---|---|---|---|---|
| Developers | Read/Write | 20 | CDC (DIRD) | Atlanta |
| CDC personnel | Varied access | | CDC | CDC offices |
| Stakeholders | Read | 12 | ACF, DOE etc. | Nationwide |

System Dependencies

The system has various dependencies. These are the telecommunication and Information Technology (IT) resources on which the system under review depends in order to process, transport and store information. The relationship between the various system components is crucial to ensuring that the basic Information Assurance tenets are achieved seamlessly. Below is a list of the various CDC IT resources.

Policies governing CDC Enterprises

CDC's Enterprise Mid-Tier Data Center

CDC Network Infrastructures, comprising:

Information Technology Services Office's (ITSO) Local Area Networks (LANs)

Atlanta Metropolitan Area Network (AMAN)

CDC's Wide Area Network

Internet Connectivity

Technical Vulnerability Scanning Service

DMZ Connectivity

CDC Enterprise Windows Domain and the Active Directory Environment

CDC Enterprise Security Services, which include:

CDC's Border Firewall

RSA SecurID Authentication System

CDC's Border Router Access Control Lists

E-Mail Gateway Virus Scanning and Attachment Removal

Network-Based Intrusion Detection Systems

CDC Enterprise Mainframe

Protection Requirements

Both information and information systems have distinct life cycles. It is important that the degree of sensitivity of information be assessed by considering the requirements for the C/I/A of the information: the need for system data to be kept confidential; the need for the data processed by the system to be accurate, and the need for the system to be available. Confidentiality focuses on the impact of disclosure of system data to unauthorized personnel. Integrity addresses the impact that could be expected should system data be modified or destroyed. Availability relates to the impact to the organization should use of the system be denied.

The protection environment results

Confidentiality: The Public Health Informatics and Technology Program's Information Technology (IT) infrastructure contains very sensitive information, since it holds identity information for the various people who participate in CDC's surveys. The data therefore needs to be protected against unauthorized disclosure. If this data leaked to the general public, there would be a drastic loss of public confidence in all forms of surveys conducted by the CDC. The consequences could be great in terms of embarrassment and legal action against the CDC.

It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Integrity: The Public Health Informatics and Technology Program's Information Technology (IT) infrastructure collects and processes various health and nutritional data, gathered annually as carefully selected representative data from the general U.S. population. Since the information obtained depends on the accuracy of the data collected, a modification of either the data or the final information would adversely affect the quality and accuracy of the survey results.

It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Availability: If the Health Informatics and Technology Program's Information Technology (IT) infrastructure were to remain unavailable for a relatively short period of time, the immediate effects of the interruption would be felt in the overall efficiency of the system's operation.

It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Threat statement

The threat statement, as outlined in NIST SP 800-30, describes the methods of threat identification, the source of the threat and the appropriate action to be taken in order to carry out the assessment process.

The definitions are as follows:

Threat: the potential for a particular threat source to exercise a particular vulnerability.

Threat source: the event or circumstance that has the potential to harm an IT system. Threat sources can be human, environmental or natural.

Threat action: the technique through which an attack on a particular system is perpetrated. Examples include intrusion, hacking, denial-of-service attacks, spoofing, etc.

Threat Source -- Any circumstance or event with the potential to cause harm to an IT system. The common threat sources can be natural, human or environmental.

Threat Action -- The method by which an attack might be carried out (e.g., hacking, system intrusion).

References

CDC. (2010). Public Health Informatics and Technology Program Office: Informatics Research and Development.
http://www.cdc.gov/osels/ph_informatics_technology/informatics_research_development.html

Chambers & Thomson. (2004). Vulnerability Disclosure Framework.
http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf

Madden, T. (2007). Draft Risk Assessment Report.
http://csrc.nist.gov/groups/SMA/fasp/documents/risk_mgmt/RAR_Template_07112007.doc

NIST. (2004). Risk Management Guide for Information Technology Systems.
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

Praxiom. (2010). ISO 27001 and ISO 27002* Plain English Information Security Management Definitions.
http://www.praxiom.com/iso-27001-definitions.htm

Cite This Essay:

"Risk Assessment Report Of The" (2010, July 28) Retrieved November 29, 2016, from http://www.paperdue.com/essay/risk-assessment-report-of-the-9412