This week, you will finalize your System Security Evaluation. You will add the additional content (Part 2 below) to your work from Unit 4 IP. In 3–4 pages, you will address the following: Part 1 Upda


This week, you will finalize your System Security Evaluation. You will add the additional content (Part 2 below) to your work from Unit 4 IP.

In 3–4 pages, you will address the following:

Part 1

  • Update the System Security Evaluation document title page with the new date.
  • Update the previously completed section based on the instructor’s feedback.

Part 2

  • Identify and discuss how federal regulations, such as HIPAA and HITECH, have influenced or impacted your System Security Evaluation. Topics should include impacts from the following areas:

    • Health care organizations
    • Information security officers
    • Federal regulations

Your completed paper, including the material from your Unit 4 IP paper and Part 2 of the Unit 5 IP, should be 3–4 pages, not including the title and reference pages.

Unit 4 Individual Project
Marcus Harbin
Security of Electronic Health Information in relation to Information Security
Professor Linda Ponder
19 June 2022

Assessment of physical and technical safeguards in place to protect health information from any type of threat

A system security evaluation is a process used to identify and mitigate risks to an organization’s information systems. The purpose of this evaluation is to provide documentation for The Joint Commission (TJC) in order to reaffirm the facility’s accreditation. There are many standards and guidelines available to help organizations assess their physical and technical safeguards. Some of the most common resources include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), and the ISO 27001 standard. The NIST Cybersecurity Framework is voluntary guidance that provides a risk-based approach to managing cybersecurity threats. The HITRUST CSF is a security framework that can be used by organizations of all sizes to help them assess, build, and mature their security programs. The ISO 27001 standard provides guidance on how to implement an information security management system (ISMS) (Ou et al., 2015).

Once the assessment of physical and technical safeguards is complete, the next step is to develop a plan for mitigating any risks that were identified. This plan should be tailored to the specific needs of the organization and take into account the resources that are available (Ou et al., 2015). Some common mitigation strategies that the LTC facility has in place include implementing security controls, increasing awareness and education, and establishing incident response procedures. Security controls can help to reduce the likelihood and impact of a security incident. The organization needs to increase awareness and educate its employees to help them be more vigilant in their work and identify potential threats. The organization has established incident response procedures to minimize the damage from a security incident and ensure that it is prepared to handle such an event.

After the assessment of physical and technical safeguards and the development of a mitigation plan, the next step is to implement the plan. This implementation should be done in a phased approach, with each phase being designed to address specific risks (Ou et al., 2015).

The final step in developing a system security evaluation is to monitor and review the effectiveness of the safeguards that have been put in place. This can be done through regular audits and assessments. Monitoring and review should be an ongoing process to ensure that the safeguards remain effective and to identify any new or emerging risks.

Evaluation criteria for the assessment

1) The initial phase of the security evaluation should include a certification process to ensure that all systems are compliant with the required security standards (Luo et al., 2014). This certification should be conducted by an independent third-party organization.
2) The security evaluation should also include an accreditation process to ensure that the LTC facility meets all the requirements for security certification. This accreditation should be conducted by The Joint Commission (Luo et al., 2014).
3) The security evaluation should include a continuous monitoring process to identify any potential security risks and vulnerabilities. This process should be conducted by the LTC facility’s security team.
4) The security evaluation should include a review of the security certification documentation to ensure that all systems are properly certified (Luo et al., 2014).
5) The security evaluation should also include a review of the security plan to ensure that it is up to date and covers all potential risks (Luo et al., 2014).

In summary, the criteria for this evaluation include:

1. Initial phase:
    – Reviewing the current security policies and procedures
    – Identifying potential threats and risks
    – Assessment of current safeguards in place
2. Security certification:
    – Documentation of compliance with security standards (e.g., HIPAA, HITECH)
    – Certification by an independent third party
3. Security accreditation:
    – Documentation of compliance with security standards (e.g., HIPAA, HITECH)
    – Accreditation by an independent third party
4. Continuous monitoring:
    – Implementation of a continuous monitoring program
    – Regular review and update of security policies and procedures
5. Security plan content:
    – Documentation of the security policies and procedures in place
    – Description of the roles and responsibilities of all individuals involved in the security of the system

After the evaluation is complete, the findings and recommendations should be presented to the CEO for review and approval. The System Security Evaluation will help to ensure that the organization’s information systems are secure and compliant with all relevant security standards.

References

Luo, H., Liu, R., Wang, Y., & Chen, J. (2014). Security Evaluation for RFID System: Security Evaluation Index Architecture and Evaluation Model. TELKOMNIKA Indonesian Journal Of Electrical Engineering, 12(6). https://doi.org/10.11591/telkomnika.v12i6.5401

Ou, Y., Xie, J., & Ling, J. (2015). An Improved Evaluation Index System for the Host Information Security Evaluation System. International Journal Of Security And Its Applications, 9(3), 49-62. https://doi.org/10.14257/ijsia.2015.9.3.06

https://class.ctuonline.edu/_layouts/MUSEViewer/Asset.aspx?MID=22566629&aid=22566630

https://class.ctuonline.edu/_layouts/MUSEViewer/Asset.aspx?MID=22566629&aid=22566632
