Describe five vulnerabilities associated with the IT system as described and before security controls are implemented.
(a) Based on possible Threat Actors, briefly describe a risk associated with each of these vulnerabilities; using a scale of 1 - 5, assign a Probability of Occurrence and Consequence of Occurrence to each risk.
(b) For each of these risks, identify a feasible risk treatment (risk reduction, transference, avoidance, or acceptance) with a short rationale for each.
(c) Assume a risk has been identified resulting from a vulnerability in the system that manages the Patient Information Database. The estimated cost to restore the database if it is entirely lost or corrupted is assessed as $1M, and the economic damage due to patients and doctors moving to other hospitals is estimated to be an additional $1M. Based on published information on cyber attacks in the health care industry, the estimated number of successful attacks based on exploitation of the vulnerability is four (4) per year, and each successful attack is estimated to cost the hospital 5% of the estimated total potential loss. Further assume that a commercial product has been identified that will reduce the loss from a breach by a factor of ten (10) to 0.5% of the total. What is the maximum annual total cost for this product to achieve a positive return on the investment to procure it (i.e., a positive Control Value)?
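A runnable version of the quantitative reasoning behind part (c) (single-loss expectancy, annualized loss expectancy and control value), together with the 1-5 probability/consequence scoring asked for in parts (a) and (b), added here as an example; it is not part of the original question or of the answer below. The function names, the `Control` dataclass and the treatment-selection policy in `recommend_treatment` are assumptions made for illustration; the dollar figures, rates and reduction factor are the ones stated in the question.

```python
from dataclasses import dataclass


@dataclass
class Control:
    """A candidate safeguard, described by how it changes per-incident loss
    and/or incident frequency. (Assumed structure for this example.)"""
    name: str
    sle_factor: float = 1.0   # multiplier on single-loss expectancy (0.1 = "reduce loss by 10x")
    aro_factor: float = 1.0   # multiplier on annual rate of occurrence (1.0 = frequency unchanged)
    annual_cost: float = 0.0  # yearly cost of licensing/operating the control


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction in [0, 1]")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: the expected loss per year from this risk."""
    if aro < 0:
        raise ValueError("annual rate of occurrence cannot be negative")
    return sle * aro


def control_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Control value = reduction in ALE minus the annual cost of the control.
    Positive means the control pays for itself."""
    return (ale_before - ale_after) - annual_cost


def max_justifiable_cost(asset_value: float, exposure_factor: float,
                         aro: float, control: Control) -> float:
    """Largest annual cost at which the control's value is still non-negative,
    i.e. ALE_before - ALE_after. A strictly positive control value needs a
    cost strictly below this figure."""
    sle = single_loss_expectancy(asset_value, exposure_factor)
    ale_before = annualized_loss_expectancy(sle, aro)
    ale_after = annualized_loss_expectancy(sle * control.sle_factor,
                                           aro * control.aro_factor)
    return ale_before - ale_after


def risk_score(probability: int, consequence: int) -> int:
    """Qualitative 1-5 x 1-5 rating used in parts (a)/(b): the product, 1..25."""
    for rating in (probability, consequence):
        if not 1 <= rating <= 5:
            raise ValueError("ratings must be integers from 1 to 5")
    return probability * consequence


def recommend_treatment(probability: int, consequence: int) -> str:
    """Illustrative mapping from the two ratings to the four treatments
    (an assumed policy, not one given in the question): both low -> accept;
    both high -> avoid; severe but rare -> transfer (insurance); else reduce."""
    risk_score(probability, consequence)  # validates the inputs
    if probability <= 2 and consequence <= 2:
        return "acceptance"
    if probability >= 4 and consequence >= 4:
        return "avoidance"
    if consequence >= 4 and probability <= 2:
        return "transference"
    return "reduction"


def hospital_example() -> dict:
    """Part (c) with the question's figures: $1M restore + $1M churn = $2M total
    potential loss, 5% lost per incident, 4 incidents/year, product cuts the
    loss per incident by a factor of 10."""
    total_loss = 1_000_000 + 1_000_000
    product = Control(name="breach-loss reducer", sle_factor=0.1)
    sle = single_loss_expectancy(total_loss, 0.05)
    ale_before = annualized_loss_expectancy(sle, 4)
    ale_after = annualized_loss_expectancy(sle * product.sle_factor, 4)
    return {
        "sle": sle,
        "ale_before": ale_before,
        "ale_after": ale_after,
        "max_annual_cost": max_justifiable_cost(total_loss, 0.05, 4, product),
    }


if __name__ == "__main__":
    for key, value in hospital_example().items():
        print(f"{key:>16}: ${value:,.0f}")
    print("treatment for P=2, C=5:", recommend_treatment(2, 5))
```

With the question's figures the SLE is $100,000, the ALE without the product is $400,000, the ALE with it is $40,000, and the product is worth buying at any annual cost below $360,000. The `aro_factor` field is there because many real controls (patching, MFA) reduce how often an incident succeeds rather than how much each one costs; the same formula handles either case.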
Part a).
Vulnerabilities before security controls were implemented:
· Risk of malicious attacks on the system
· No protection of information/data from theft
· Risk of being hacked
· Unauthorized access to the system
Part b).
Vulnerability:
· Risk of malicious attacks on the system
Risk associated: 4 out of 5.
Probability of Occurrence: Low
Consequence: Loss of data, system failure, etc.
· No protection of information/data from theft.
Risk associated: 5 out of 5.
Probability of Occurrence: High
Consequence: Data leaked, information loss, etc.
· Risk of being hacked.
Risk associated: 4 out of 5.
Probability of Occurrence: Very high
Consequence: Information loss, financial loss, etc.
· Unauthorized access to the system.
Risk associated: 2 out of 5.
Probability of Occurrence: Medium
Consequence: Privacy compromised.
· No protection from programs that could be infected
Risk associated: 3 out of 5.
Probability of Occurrence: Low
Consequence: Bugs, slow network or system.
Part c).
Risk of malicious attacks on the system.
· Risk reduction: Using a security system such as a firewall (it will provide a layer of protection), defragmentation (keeping information in fragments makes it hard to steal), etc.
· Transference & Avoidance: Proper security measures are the only solution, such as anti-malware and anti-spyware tools, etc.
· Acceptance: It can't be accepted, as it is a serious threat.
No protection of information/data from theft.
· Risk reduction: Using a security system such as a firewall (it will provide a layer of protection), defragmentation (keeping information in fragments makes it hard to steal), etc.
· Transference & Avoidance: Proper security measures are the only solution.
· Acceptance: It can't be accepted, as it is a serious threat.
Risk of being hacked.
· Risk reduction: Using a security system such as a firewall (it will provide a layer of protection and make the system harder to hack), defragmentation (keeping information in fragments makes it hard to steal), etc.
· Transference & Avoidance: Using proper security measures is a good solution.
· Acceptance: It cannot be accepted; it needs to be reduced or eliminated completely.
Unauthorized access to the system.
· Risk reduction: Using proper security measures is a good solution.
· Transference & Avoidance: A firewall or a proper security system can be used.
· Acceptance: It is not that dangerous, but it can't be accepted, as it can compromise privacy.
No protection from programs that could be infected.
· Risk reduction: Periodic scans and preventive measures are a fine solution.
· Transference & Avoidance: Periodic scans can reduce this risk.
· Acceptance: It cannot be accepted; it needs to be reduced or eliminated completely, as it could freeze the system.
Part d).
The maximum annual cost can't be determined, as it depends on the hospital's total budget, the size of the hospital, the size of the network the hospital is using, and the security it has implemented to deal with it; albeit no matter the cost, it is always going to be less than the loss that would occur in case of a cyberattack, so it is a necessary investment to make, just like insurance.
Explanation:
Part a).
Vulnerabilities before security controls were implemented:
· Risk of malicious attacks on the system: This can lead to loss of data and system failure.
· No protection of information/data from theft: This can lead to data leaks, which might affect the company's growth.
· Risk of being hacked: It is a serious threat that can cause big information loss, financial loss, etc.
· Unauthorized access to the system: A user's privacy can get compromised.
· No protection from programs that could be infected: It could stop the system from functioning.