It is necessarily required to actively manage the identified risks occurring to the information assets by appropriate administrators or data owners for prioritizing remediation efforts and resources. Risk assessments are part of an ongoing risk management process. Risk assessments provide the basis for prioritization and selection of remediation activities that should be used for monitoring the efficiency of security controls.
Discussion
Recommend Changes to the Company's Security Management Policies
The HIPAA Privacy Rule is enforced by the Office for Civil Rights, which is responsible to protect the privacy of health information of individuals. The HIPAA Security Rule, designs national standards for providing the security measures to electronic protected health information and the privacy requirements of the Patient Safety Rule, that secures individual information being utilized for analyzing events of patient safety and improve safety of patients (Yves, Cuppens and Jajodia, 2004).
The policy of risk management security is based on the tasks of prevention and response. There are some incidents that are not easy to prevent, because of this, it seems to be quite difficult to develop a response in order to bring changes to the company's security risk policies. When a company is indented to implement changes to prevent a security incident, it should emphasize to design the policies as restrictive as possible. However, the excessively restrictive policies can go wrong (Yves, Cuppens and Jajodia, 2004).
Systems and Applications
Both the physical and virtual systems and data should be protected. A number of high availability software solutions and host-based replication are available that can be used in order to provide protective measures to both physical and virtual systems and data. These data include database servers and file servers or application and reside in DAS, NAS or in SAN. By using a single solution, company will be able to secure IT infrastructure and by minimizing the risks and it will ultimately increase IT productivity.
Replication software is mostly used to data offsite, applications systems, copy, and to the Cloud for the purposes of disaster recovery. It will help to synchronize the production of virtual machines (VMs) and increase the storage in a continuous (real-time) manner and storage with replica VMs and harmonize intermittent backups. High Availability software establishes similar replication operations and adds applications and systems to monitor with usual push-button failback and failover for constant accessibility and rapid system reinstatement. High Availability solutions are mostly organized in the data center combined with the production servers, but still it can be organized in the Cloud or at any remote site or to tackle both disaster recovery requirements and business continuity (Roger and Smith, 2007).
These software solutions should be used to migrate from physical to virtual servers more easily and quickly. Entire physical server system is replicated by these solutions and application to an offline VM that can be carried online automatically or manually with the help of end-user redirected by push-button failover. This ability of software permits IT to manage the migration during the hours of normal business and at the ...