Mystar Hospice Risk Mgmt Plan
Risk Management Plan
Performed for
Mystar Hospice Care
By:
Date: 8/1/2014 Table of Contents
Top Concerns 4
1. Information Security Policy 4
2. Vulnerable Network Infrastructure 4
Scope Statement 5
Background 5
Operational Security 5
Vulnerabilities 5
There is no standard for security management 5
Threats 6
Physical Security 6
Vulnerabilities 6
Building Vulnerabilities 6
Several key doors within the building are unlocked or can be forced open 6
Security Perimeter Vulnerabilities 7
Policy 7
Approach 8
Server Controls 9
Access Controls 9
Server Access 9
Drive Encryption 9
Physical Security 9
Anti-Virus Software 9
Delete or disabling unnecessary software 9
Disaster Recovery Plan 10
Power Backup 10
Network Area Storage 10
Seagate Business Storage STBN4000100 - NAS server - 4 TB 10
QNAP® TS-412 4-Bay Network Attached Storage Server For Home and SOHO, 16 TB 10
Cloud Management 11
Zerto – Cloud DR 11
Disaster Recovery: 11
Frequent Periodic Data Backups 11
Replication of logical disk volumes 11
Disaster Preventative Monitoring 11
Emergency Failover System: 11
Incident Response Team Plan 12
Incident Response Team Members 12
Incident Response Team Roles and Responsibilities 12
Information Security Office 12
Information Technology Operations Center 13
Information Privacy Office 13
Network Architecture 13
Operating Systems Architecture 13
Internal Auditing 14
Incident Response Team Notification 14
Executive Summary
This risk management plan is being produced by Stronghold Securities for managing risks for Mystar Hospice Care. This report introduces the project manager to what a risk management plan should consist, it is only the first of the 3 phase project risk management series.
Top Concerns
Vulnerable network infrastructure
Absent Information Security Policy
The list below contains the findings, weaknesses, or vulnerabilities discovered during the site security assessment. Some of the issues listed here are coalesced from more than one section of the assessment
Performed for
Mystar Hospice Care
By:
Date: 8/1/2014 Table of Contents
Top Concerns 4
1. Information Security Policy 4
2. Vulnerable Network Infrastructure 4
Scope Statement 5
Background 5
Operational Security 5
Vulnerabilities 5
There is no standard for security management 5
Threats 6
Physical Security 6
Vulnerabilities 6
Building Vulnerabilities 6
Several key doors within the building are unlocked or can be forced open 6
Security Perimeter Vulnerabilities 7
Policy 7
Approach 8
Server Controls 9
Access Controls 9
Server Access 9
Drive Encryption 9
Physical Security 9
Anti-Virus Software 9
Delete or disabling unnecessary software 9
Disaster Recovery Plan 10
Power Backup 10
Network Area Storage 10
Seagate Business Storage STBN4000100 - NAS server - 4 TB 10
QNAP® TS-412 4-Bay Network Attached Storage Server For Home and SOHO, 16 TB 10
Cloud Management 11
Zerto – Cloud DR 11
Disaster Recovery: 11
Frequent Periodic Data Backups 11
Replication of logical disk volumes 11
Disaster Preventative Monitoring 11
Emergency Failover System: 11
Incident Response Team Plan 12
Incident Response Team Members 12
Incident Response Team Roles and Responsibilities 12
Information Security Office 12
Information Technology Operations Center 13
Information Privacy Office 13
Network Architecture 13
Operating Systems Architecture 13
Internal Auditing 14
Incident Response Team Notification 14
Executive Summary
This risk management plan is being produced by Stronghold Securities for managing risks for Mystar Hospice Care. This report introduces the project manager to what a risk management plan should consist, it is only the first of the 3 phase project risk management series.
Top Concerns
Vulnerable network infrastructure
Absent Information Security Policy
The list below contains the findings, weaknesses, or vulnerabilities discovered during the site security assessment. Some of the issues listed here are coalesced from more than one section of the assessment