Some of the many risks associated with information technology include budgetary risk, program management risk, inventory risk, supply chain risk, investment risk, safety risk, legal liability risk, and security risk, to name a few. This paper performs a risk assessment of a business scenario on citizen wellness proposed to a health care company. The paper will identify three threats and vulnerabilities that affect a citizen wellness program. Further, it will describe these threats and vulnerabilities in detail and explain how they apply to the business. Finally, the paper will specify countermeasures that the business can use to negate these threats and vulnerabilities. Specifically, the paper will review the above through the following guidelines: NIST 800-30: Risk Management Guide for Information Technology Systems, NIST 800-53: Recommended Security Controls for Federal Information Systems and Organizations, NIST 800-39: Managing Risk from Information Systems: An Organizational Perspective, and NIST 800-64: Security Considerations in the System Development Life Cycle.
The background of the business scenario is as follows. A health care company would like to review ACME's security program, including its procedures and security policies. The main aim of this review is to make sure that ACME Co. can provide individualized citizen wellness programs to the health care company’s subscribers and that these customers can be authenticated whenever they desire to access the program. ACME Co. specializes in Web site hosting for both public and private entities. An Information Technology manager of ACME Co. is assigned to work with the health care company's ISSO, the idea being to create a detailed list of business needs for security for the health care company. The Chief Information Officer at ACME Co. also directs the IT manager to evaluate the existing ACME Co. enterprise architecture documents with the aim of identifying any additional