Considering a hospital information management system, the medical records of patients of hospital

are centrally managed and stored on the main server. As part of formal risk assessment, you have

identified the asset $$confidentiality of medical records of patients of hospital on the server$$ and the

threat $$theft of medical information of patients$,$ you are required to $1)$ perform risk analysis and

create a risk register for the asset; $2)$ develop an attack tree for gaining access to the content of

medical records. $(10$ marks$).$