https://www.globalsign.com/en/blog/cyber-autopsy-series-phishing-attack-magellan-health
To complete this section of your report, start by reviewing the following resources:
Information System Architecture
Web Security Issues
Insider Threats
Intrusion Motives/Hacker Psychology
Take what you learned about potential threats to assess the threat(s) to the organization's information systems infrastructure that you wrote about in Step 4.
Provide a brief summary of the kinds of threats that an organization could face, addressing insider threats, intrusions, hacker psychology, and other weaknesses that might provide opportunities to breach the system. Relate these threats to the vulnerabilities in the CIA triad (confidentiality, integrity, and availability).
Next you will provide a mitigation strategy that will include a description of an identity management system, which will include authentication, authorization, and access control.
Remember that you are already expecting that your organization will need to update its identity management processes and policies, and you are laying the groundwork for the investment this will require.
As an example, think about the requirements for doctors' use of laptop devices when they visit their patients at a hospital and their need to connect to the hospital's PHI data.
Review the following resources:
Authorization
Access control
Passwords
Authentication
Multifactor authentication
Now, explain how your organization should restrict access to protect billing and PHI.
Explain the organization's processes and workflows to safeguard PHI, including the use of passwords, password management, and password protection.
Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system.
Describe common factor authentication mechanisms to include multifactor authentication.
Finally, review the mission and organization structure of your organization as well as roles within it, and recommend accesses, restrictions, and conditions for each role.
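The following is an added illustration, not part of the assignment text or any referenced resource, of how role-based access restrictions and a contextual multifactor condition could be expressed for the doctor-on-a-laptop scenario above. The roles, resources, and the rule that off-site access to PHI or billing data requires a completed second factor are constructed assumptions for the example; a real deployment would take them from the organization's own policy.

```python
"""Illustrative role-based access control (RBAC) check with an MFA condition.

Added example for the hospital scenario in the assignment; it is not code from
the assignment or its resources. Roles, resources and the MFA rule below are
constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Role -> set of (resource, action) permissions. Constructed assumption:
# clinicians touch PHI, billing staff touch billing records, and no role is
# granted access to both by default (least privilege).
ROLE_PERMISSIONS = {
    "doctor":  {("phi", "read"), ("phi", "write")},
    "nurse":   {("phi", "read")},
    "billing": {("billing", "read"), ("billing", "write")},
}

# Resources that require a completed second factor whenever the request does
# not originate from the hospital's own network (the laptop case). Assumption.
MFA_REQUIRED_OFF_SITE = {"phi", "billing"}


@dataclass
class Request:
    user: str
    role: str
    resource: str
    action: str
    on_site: bool        # connected from the hospital network?
    mfa_verified: bool   # second factor completed for this session?


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(req: Request) -> Decision:
    """Deny by default; allow only when the role grants the permission and
    the contextual MFA condition is satisfied."""
    perms = ROLE_PERMISSIONS.get(req.role)
    if perms is None:
        return Decision(False, f"unknown role {req.role!r}")
    if (req.resource, req.action) not in perms:
        return Decision(False, f"role {req.role!r} may not {req.action} {req.resource}")
    if req.resource in MFA_REQUIRED_OFF_SITE and not req.on_site and not req.mfa_verified:
        return Decision(False, "off-site access to sensitive data requires MFA")
    return Decision(True, "permitted")


def audit_line(req: Request, decision: Decision) -> str:
    """Single audit-log line so every allow and deny is reviewable later."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    verdict = "ALLOW" if decision.allowed else "DENY"
    return (f"{stamp} {verdict} user={req.user} role={req.role} "
            f"{req.action}:{req.resource} on_site={req.on_site} "
            f"mfa={req.mfa_verified} reason={decision.reason!r}")


if __name__ == "__main__":
    # Constructed sample requests covering the cases the policy distinguishes.
    samples = [
        Request("dr_lee", "doctor", "phi", "read", on_site=False, mfa_verified=True),
        Request("dr_lee", "doctor", "phi", "read", on_site=False, mfa_verified=False),
        Request("b_ortiz", "billing", "phi", "read", on_site=True, mfa_verified=True),
        Request("b_ortiz", "billing", "billing", "write", on_site=True, mfa_verified=False),
    ]
    for r in samples:
        print(audit_line(r, authorize(r)))
```

The check is deliberately deny-by-default: an unknown role, a permission the role lacks, or a missing second factor off-site all produce a refusal with a reason that lands in the audit line, which is what a reviewer needs when assessing whether the recommended accesses, restrictions, and conditions for each role are actually being enforced.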
What will happen if the CIO and the leaders do nothing and decide to accept the risks?
Could the CIO transfer, mitigate, or eliminate the risks? What are the projected costs to address the risks?