Abstract
In the FY 2015, OPM was a victim of massive data breach that involved the theft of sensitive customer information of millions of individuals. That brought into attention the issue of data protection which had been largely ignored by various organizations. It is a case study for every organizations that have information whose interruption or corruption may affect business operations. This risk assessment report was compiled which provides the ability for the customers with improved security for the data. The report also details the security infrastructure that was available, and how vulnerable it was such that the data breach happened. The assessment identified multiple risk areas that need the attention of the management and those involved.
The purpose of this risk assessment report was to identify threats and vulnerabilities of information within the hospital information system. The report shall be used to determine risk mitigation plans connected to the data breach at the office of the personnel management. The data breach already exposed the office and its informational security infrastructures as potentially high-risk systems in the office. The system in the office involves multiple components. The office’s external interface allows users to input data and receive information from the system. That was also used by intruders to penetrate the system. The scope of these risk assessment looks at this operating system and everything that runs through them which might have allowed introducers to access the data.
Threats at the Hospital
Information is an important asset at Galaxy Hospital. The hospital holds a key competitive advantage by using the information, whereas there are other parties which may need to acquire the information or limit business opportunities for various reasons. Attackers usually pose the most serious concern for any organization. There are two categories of threats that may attack an organization. They are natural or human threats. Physical threats are very rare, but they may happen in some cases. They include fires, earthquakes and other natural acts which may interrupt the functioning on an information system.
However, of more concern is the human threats. Human actions pose the most realistic threat to the hospital information system. Human attacks also come in two forms, from malicious and non-malicious internal groups (Roy Sarkar, 2010). Non-malicious interruption to the information system is caused by ignorant employees. Ignorant employees are those who have no intention of causing harm to the information, but due to their ignorance, they may interfere with data through unconsciously deleting or sharing it. They pose a significant threat given the fact that external malicious groups can use this employee to have access to the system and interfere with the system to achieve specific goals.