Nov 28, 2020 in Coursework

Calibration of "Ease of Attack" for Four New Requirements

Emergency responder

The first requirement is to add an emergency responder charged with the role of risk analysis and management. The current roles include the health care professionals, voluntary workers in the healthcare setting, and secretarial support. Thus, the entity should add the emergency responder role to assist in determining and responding to any emergency issue at the workplace. The job may be given to a police officer, a fire disaster emergency specialist, or medically trained professionals charged with the responsibility of providing in an emergency site.

The role of the emergency responder is to obtain data from patients who have important information and to present it to the relevant authority. This may include vital information on health status, allergies, short-term and long-term diagnoses, and the history of drug prescription. The patients may also be required to provide information concerning their immunization history. To achieve this, the patients will be reached by notifying them through electronic sources, such as email.


Vulnerability refers to a flaw or weakness in system security procedures, design, or implementation. It also refers to internal controls which may be executed in the workplace. Vulnerabilities may be accidentally triggered or intentionally exploited, and may contribute to a security breach or be considered a violation of the system's security policy. Therefore, vulnerabilities of all kinds, whether triggered accidentally or exploited intentionally, may lead to a security incident. Vulnerabilities may be classified as technical and non-technical. Flaws or weaknesses in the development of an information system, or information systems which are not configured correctly, may result in technical vulnerabilities. Non-technical vulnerabilities encompass ineffective or non-existent policies, procedures, standards and policy guidelines.


Threats refer to the potential of an individual or an item to exercise, that is, to accidentally trigger or intentionally exploit, a given vulnerability in the IT system. Many forms of threat may arise in the IT system or in the workplace environment. Threats are classified in general categories: natural, human-induced, or environmental. Natural threats include natural disasters, such as landslides. Human threats may be intentional, such as network and computer-based attacks and malicious software, or unintentional, such as inadvertent data entry, erroneous deletion, or inaccurate entry of data. Environmental threats may comprise unpredictable power shortages or failures, all forms of pollution, chemicals, and liquid leakage.

Compute security risk for adding ER role.

It is easy to understand the meaning of risk once vulnerability and threat are defined. Risk refers to the possibility of occurrence of a particular threat, either committed accidentally or intentionally, with a resultant effect. A threat must have the ability to trigger or change a vulnerability. It is vital to understand that a vulnerability triggered or exploited by a threat equals risk. Security risk occurs mainly from unauthorized disclosure and alteration or modification of information.

When computing security risk, the emergency risk responder should perform risk analysis and assessment. There are many methods that can be used to carry out risk analysis and assessment. For instance, the risk analysis steps include the following. The first steps involve identifying the scope of analysis, collecting data, identifying the vulnerabilities and the threats, and determining the potential effect of threat occurrence. The last steps are to determine the severity of the threat or vulnerability, identify the potential measures, and finalize the documentation of the final report.

The other role of the emergency responder is to develop strategies for risk assessment (Department of Health and Human Sciences, 2007). The steps involved in the risk assessment include developing and implementing a risk management plan, implementing security measures, and evaluating and maintaining security measures.

When computing security risk exposure, the emergency responder should take into account the following parameters: traditional risk exposure and the likelihood of occurrence, in order to identify the impact of loss. This assists in identifying the ease points and the value points. The emergency responder will measure the certainty that an event or risk will happen by assigning a probability as indicated in the table below.

Likelihood of risk occurrence


a. Occurs frequently

b. Continuously experienced



a. Happens less frequently

b. Issues identified have minimal audit activity

c. Process performance failures which are evident to audit experts



a. Happens occasionally

b. Potential issues identified during focusing review



a. The probability to occur is less

b. Reduced chances discovered during focusing review



a. Unlikely to occur


After computing the likelihood of risk occurrence, it is vital to determine its impact, which involves a subjective assessment. The emergency responder should estimate the cost, the extent or duration, and the quantity and quality, which can be estimated in the process to be evaluated by using standard tools, such as a project plan.

Reducing security risk for adding ER role

Once the emergency responder has finalized the risk analysis process, the next step involves risk management. As required by the security risk rule, risk management includes the process of implementing security measures to minimize or eliminate the risks to appropriate levels. The emergency responder will also be required, among other things, to ensure confidentiality, availability, and integrity of the method used.

The first step in risk reduction is to develop and implement a risk management plan which will cover the entity's evaluation plan, prioritization, and the implementation of risk-minimizing security measures. To make the risk management plan successful, key members of the organization must be involved, including the top management of the organization. The findings of the risk analysis process will provide vital information which will be beneficial in risk prioritization and will provide the necessary mitigation strategies for decision making (Ian & Raman, 2005).

Once the risk management plan is developed, the emergency responder should ensure that security measures are implemented, focusing on the actual implementation of both technical and non-technical measures. Finally, the emergency responder should develop strategies to evaluate and maintain the security measures. In addition, it is vital to note that risk analysis and management is a continuous process that should be subjected to continuous review due to the changes which always occur in the environment.


Based on the added role of the emergency responder, it will be possible to manage a system which provides the covered entity with a thorough understanding of risk management and the appropriate security measures required to manage the risks and to provide protection against any anticipated future risks.
