Risk management consists of (1) developing and implementing a risk management plan, (2) implementing security measures, and (3) evaluating and maintaining those security measures (CMS, 2007). Risk analysis and risk management are ongoing processes; therefore, constant re-evaluation and monitoring are required to mitigate the …
This assessment not only draws attention to the vulnerabilities present in the current system but also proposes measures that would give the application a defense-in-depth infrastructure around the new access control and authentication requirements for the application database. iTrust currently contains bugs and access control flaws that compromise the PII not only of the employees who use the system for organizational purposes but also of the patients whose sensitive information is stored in its database. Before the new application requirements are implemented, it is recommended that the database application be temporarily disconnected from network traffic and access so that the common bugs present in the system can be closed or mitigated. iTrust would also benefit from an intrusion detection system that detects and analyzes anomalous or malicious network traffic (an IDS alone only alerts; blocking that traffic requires an inline intrusion prevention system or firewall rule). For website logins, it is recommended that employees and patients who handle PII be required to use multi-factor authentication, so that iTrust can reliably authenticate users before authorizing the appropriate ones to access sensitive medical
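The following is an added example, not iTrust code, of what the recommended second factor looks like on the server side: an RFC 4226 HOTP / RFC 6238 TOTP verifier built only on Python's standard library, with a one-step clock window, replay rejection of an already-used code, and a gate that first checks the caller's role and then demands a fresh code before any patient record is released. The role names, the user names and the `PII_ROLES` table are assumptions for illustration; the seed `12345678901234567890` is the published RFC test secret, not a real key.

```python
"""Second-factor check for accounts that can reach patient PII (added example).

Implements RFC 4226 HOTP and RFC 6238 TOTP with hmac/hashlib, then gates
record access on (a) an authorized role and (b) a fresh, unreplayed TOTP code.
PII_ROLES, user names and function names are assumptions, not iTrust's own.
"""
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

# Roles allowed to read patient records; every one of them must present MFA.
# Assumed for illustration only.
PII_ROLES = {"hcp", "admin", "patient"}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP over the time-step counter floor(at / step)."""
    return hotp(secret, at // step, digits)


class SecondFactorVerifier:
    """Verifies TOTP codes with a +/-window step tolerance and per-user replay protection."""

    def __init__(self, step: int = 30, window: int = 1):
        self.step = step
        self.window = window
        # user -> highest time-step counter already accepted for that user
        self._last_counter: Dict[str, int] = {}

    def verify(self, user: str, secret: bytes, code: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        base = now // self.step
        for delta in range(-self.window, self.window + 1):
            counter = base + delta
            # Constant-time comparison so the code check is not a timing oracle.
            if hmac.compare_digest(hotp(secret, counter), code):
                # A code for a counter at or below the last accepted one is a replay.
                if counter <= self._last_counter.get(user, -1):
                    return False
                self._last_counter[user] = counter
                return True
        return False


def authorize_record_access(user: str, role: str, secret: Optional[bytes],
                            code: Optional[str], verifier: SecondFactorVerifier,
                            now: Optional[int] = None) -> bool:
    """Authorize (role may see PII) and authenticate (fresh second factor) before access."""
    if role not in PII_ROLES:
        return False  # authorization failure: this role never sees patient records
    if secret is None or code is None:
        return False  # MFA not enrolled or no code presented
    return verifier.verify(user, secret, code, now)


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226/6238 test secret, not a real key
    v = SecondFactorVerifier()
    print("first use :", authorize_record_access("alice", "hcp", seed, totp(seed, 59), v, now=59))
    print("replay    :", authorize_record_access("alice", "hcp", seed, totp(seed, 59), v, now=59))
    print("wrong role:", authorize_record_access("bob", "guest", seed, totp(seed, 59), v, now=59))
```

The replay table is in memory here; in a real deployment it belongs in the same store as the user's MFA enrollment so that the "last accepted counter" survives restarts and is shared across application nodes.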