Based on the Assignment Scenario, determine the risk associated with the vulnerabilities. Use NIST SP 800-30 to calculate the risks for each vulnerability.

Part 1 Report Risk

Develop a 2- to -3-page Security Assessment Report (SAR) using the Wk 4 Assignment Template. The Security Assessment Report (SAR) should include the following for each vulnerability:

Vulnerability title

Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database

Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI

Vulnerability #3: An unauthorized access to client accounts through the companys login website via the cracking of weak passwords

A precise vulnerability description

Likelihood

Impact

Overall risk level

Logical recommendations for mitigation

Part 2 Communicate the Risk to Leadership

Develop a 10- to 12-slide Microsoft PowerPoint presentation documenting the risks for each vulnerability to be presented to the leadership of Health Coverage Associates.

(Please give wording)

The presentation should include:

An introduction slide

A description of each of the three vulnerabilities

An accurate illustration of the NIST SP-30 5x5 matrices

A description of the likelihood and impact, with a justification of that determination (e.g., very low, low, moderate, high, very high)

An illustration of the overall, high watermark level of risk (e.g., very low, low, moderate, high, very high)

A logical recommendation for mitigation actions, including an explanation of risk tolerance and risk acceptance for the organization

A conclusion slide

Detailed speaker notes

Be sure to include supportive graphics and appropriate backgrounds and styles. All references need to adhere to APA guidelines. Images should not be copied, unless author permission is obtained or copyright-free images are used.