Learning Goal: I’m working on a writing question and need the explanation and answer to help me learn.
Assignment Content
As the CISO for a health care organization, you are tasked with:
Choosing a risk management framework and associated systemic process that measures and evaluates risks that may impact the organization's assets and data
Developing a security management plan that is aligned to the health care organization's goals and objectives
The goals are:
Patient Satisfaction: Patient satisfaction is the foundational strategy by which the health care organization will attain its mission. It encompasses patient outcomes, compliance scores, and patient and visitor experiences within the health care organization.
Increase Revenue: Providing excellent care requires money. The health care organization seeks to maximize revenue wherever ethically possible through a strategy that captures, retains, and grows revenue.
Maximize Operational Efficiencies: Maximizing operational efficiencies helps the health care organization get the most value out of each dollar of revenue. Efficient operations also directly affect the patient experience and overall patient and visitor satisfaction.
Gain positive returns on capital investments.
Ensure that new initiatives show a tangible return on investment (ROI).
The objectives are:
Leverage assets and resources for centralizing and automating processes.
Reduce the total cost of ownership (TCO) with respect to the IT infrastructure and IT systems.
Improve the security of IT systems in order to protect the confidentiality, integrity, and availability of its data, assets, and systems.
Improve compliance with regulatory requirements, such as HIPAA, Food and Drug Administration (FDA), and Payment Card Industry Data Security Standard.
Part A
Develop a 5- to 7-slide Microsoft PowerPoint presentation for the health care organization's senior leadership that recommends a risk management framework.
Address the following:
Define the chosen risk management framework for the organization to implement as part of its risk management program.
Illustrate the associated risk management processes.
Justify your choice for the risk management framework.
Note: The chosen risk management framework will be included in the security management plan in Part B.
Part B
Develop a 3- to 4-page security management plan that documents the health care organization's information security governance and the risk management components of the enterprise information security program.
Include the following:
Description of the health care organization's security management program
Alignment of security objectives to the health care organization's goals and objectives
Information security governance major activities
Legal and regulatory compliance requirements
Corporate compliance and security roles and responsibilities (CEO, CFO, CIO, CISO)
Risk management framework and major processes
List of required information security policies
Note: All references need to adhere to APA citation guidelines.