Risk Management

Information Security Assessment Methodology

1. Planning
Critical to a successful security assessment, the planning phase is used to gather information needed for assessment execution—such as the assets to be assessed, the threats of interest against the assets, and the security controls to be used to mitigate those threats—and to develop the assessment approach. A security assessment should be treated as any other project, with a project management plan to address goals and objectives, scope, requirements, team roles and responsibilities, limitations, success factors, assumptions, resources, timeline, and deliverables.

2. Execution
Primary goals for the execution phase are to identify vulnerabilities and validate them when appropriate. This phase should address activities associated with the intended assessment method and technique. Although specific activities for this phase differ by assessment type, upon completion of this phase assessors will have identified system, network, and organizational process vulnerabilities.

HIPAA (Health Insurance Portability and Accountability Act) Information Sheet

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a comprehensive law affecting institutions and departments that deal with protected health information.

Requirements
HIPAA includes requirements to protect the security, integrity, and confidentiality of this health-related information. These requirements apply to departments at Purdue that have been officially designated by the HIPAA Privacy Compliance Office as covered by HIPAA. To be HIPAA compliant, departments must develop, implement, and enforce a comprehensive security program including administrative, technical, and physical safeguards as determined appropriate for the institution and data. In addition to developing their own safeguards, departments are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.

The Gramm-Leach-Bliley Act Risk Assessment - How to

The Gramm-Leach-Bliley Act of 1999 (GLBA) is also known as the Financial Services Modernization Act. It is intended to protect consumers and customers who obtain "financial products or services to be used primarily for personal or other household purposes". The risk assessment is an important element of GLBA, and the Federal Trade Commission has identified four areas that must be addressed:

(1) Information Systems,
(2) Employee Management and Training,
(3) Managing System Failures and
(4) Service Providers.

Project and Software Testing Strategy Template

Download Free Project and Software Testing Strategy Template

1. Introduction


Objectives
This document defines the Clinical Dashboard Project Test Strategy and approach of incremental testing stages required to ensure the acceptability of the delivered solution. It covers all phases and releases. The foundation of the test and acceptance processes will be based on Clinical Dashboard existing Guidance. These processes will need to be enhanced to embrace the acceptance statements and criteria within the document.

Scope
This Test Strategy will cover the following:
- Identifying the successive types of testing to be undertaken throughout the lifecycle of development to live operations
- Details of the ongoing testing of service enhancement and change
- The scope of each type of testing
- Identifying how common expectations and testing standards are to be achieved for all types of testing
- The high-level technical, resource and environmental requirements
- The key testing and quality assurance procedures that will be required.

Financial Risk and Control Self Assessment Templates

Download Free Financial Risk and Control Self Assessment Templates

- Does the school have any finance guidance manuals?
- Who is familiar with the contents?
- Is there a School Improvement Plan containing costed proposals, which are linked to the budget plan?
- Did the last budget preparation process incorporate consideration of future influences on income and expenditure, such as demographic change, and any balance rolled forward from the previous year?
- Was the budget formally ratified by the Governing Body, and appropriately minuted?
- Was the budget input form submitted to the Education & Leisure Finance Section by the due date and appropriately signed?
- Have working papers been retained which show how the budget estimates were arrived at?
- Is the day to day budgetary position checked before orders are approved?
- Does the school record committed expenditure, e.g. purchase orders, supply teaching costs and staff training courses etc?
