Security Risk Analysis And Management Report

Information security risk analysis and management report (Individual Assignment, 50 points)

Risk analysis and management is one of the first steps health care providers should take to protect patients’ electronic protected health information (ePHI). In week 3, you developed an implementation plan for Dr. Jim Smith’s office, which has been used to help them successfully implement an EHR system. In this assignment, you will conduct a risk analysis for his office and identify measures to mitigate risks associated with its health information system.


  1. Identify six threats or vulnerabilities, including natural, human, and environmental threats as well as technical and non-technical vulnerabilities.
  2. For each threat or vulnerability, using a scale of low, medium, high, rate (1) its likelihood of occurrence and (2) its impacts on ePHI. Please provide explanations of your ratings and discuss how the threat/vulnerability can affect ePHI.
  3. Based on ratings of threat/vulnerability likelihoods and impacts, use the following chart to rate the level (low, medium, high) of each risk associated with ePHI.

| Likelihood \ Impact | Low      | Medium      | High        |
|---------------------|----------|-------------|-------------|
| Low                 | Low Risk | Low Risk    | Low Risk    |
| Medium              | Low Risk | Medium Risk | Medium Risk |
| High                | Low Risk | Medium Risk | High Risk   |

  4. For each risk, identify administrative safeguards, physical safeguards, and technical safeguards that Dr. Smith’s office can employ to mitigate it.

As we don’t have much information about Dr. Smith’s office in this instruction, feel free to make reasonable assumptions about its current status in your report.


  • You can find an introduction to risk analysis in the following video:
  • You can find the definitions and categories of threats, vulnerabilities, and risks on the following webpage:

  • The textbook, especially pages 308-311, provides guidelines for risk analysis and management as well as examples of vulnerabilities and their mitigation strategies.


  • The total length is 2-3 pages (single spaced; 12-point font), with 1/3-1/2 page for each threat or vulnerability, including its description, likelihood and impact assessments, and protection safeguards. The reference list is excluded from the page count.
  • Provide appropriate sub-titles.
  • A complete list of references should be included at the end of your paper, following APA format.
  • Plagiarism is not acceptable and should be avoided.

Grading Rubric:

  • This report clearly identifies major threats/vulnerabilities, reasonably assesses their risks, and proposes detailed and actionable protection measures for the doctor’s office to take. (20 points)
  • This report is well-written and well-developed, covering all of the requirements. (20 points)
  • This report is well-organized, following the report structure and using titles, headings, and numbering appropriately. (5 points)
  • The report provides a complete list of references, properly formatted using APA style. (5 points)

