Competency
In this project, you will demonstrate your mastery of the following competency:
Develop risk analysis and mitigation plans
Scenario
You are the IT risk assessment lead at Health Network, Inc., a health services organization headquartered in Tampa, Florida. Health Network has over 700 employees throughout the organization and generates $500 million in revenue annually. The company has two additional locations in Seattle, Washington, and Arlington, Virginia. These locations support different aspects of corporate operations. Each facility is located near a data center, where production systems are located and managed by third-party data-center hosting vendors.
Health Network has three main products:
HNetExchange is the primary source of revenue for the company. The service handles secure electronic medical messages that originate from its customers, such as large hospitals, which are then routed to receiving customers such as clinics.
HNetPay is a web portal used by many of the company’s HNetExchange customers to support the management of secure payments and billing. The HNetPay web portal, hosted at Health Network production sites, accepts various forms of payments and interacts with credit-card processing organizations, much like a web commerce shopping cart.
HNetConnect is an online directory that lists doctors, clinics, and other medical facilities to allow Health Network customers to find the right type of care at the right locations. It contains doctors’ personal information, work addresses, medical certifications, and types of services that the doctors and clinics offer. Doctors are given credentials and are able to update the information in their profiles.
Health Network customers, which are hospitals and clinics, connect to all three of the company’s products using HTTPS connections. Doctors and potential patients are able to make payments and update their profiles using internet-accessible HTTPS websites.
Health Network operates in three production data centers that provide high availability across the company’s products. The data centers host about 1,000 production servers, and Health Network maintains 650 corporate laptops and company-issued mobile devices for its employees.
A previous risk assessment identified the following threats:
Potential loss of data due to inappropriate hardware decommission
Potential loss of protected health information (PHI) from lost or stolen company-owned assets, such as mobile devices and laptops
Potential data loss due to corrupt production data resulting from a systems outage
Internet threats from hackers and other malicious actors
Insider threats due to social engineering, installation of malware and spyware
Changes in the regulatory landscape that may impact operations