○ Vulnerability Name: Describe particular weaknesses or flaws in security that could be exploited by a threat source to cause a security violation
or breach.
○ Threat Source: Describe the threats that could take advantage of the vulnerabilities. Consider the four categories of threats—adversarial,
accidental, structural, and environmental—as well as more specific examples such as external and internal threats, users, visitors, viruses,
natural hazards, and so on.
○ Departments Impacted: Identify the departments impacted by the crisis with a brief explanation of how each is impacted.
○ Noncompliance: Explain how the identified vulnerabilities lead to risks of potential noncompliance with HIPAA privacy and security regulations.
○ Likelihood of Occurrence: Determine if the likelihood of occurrence is high, medium, or low.
○ Impact Severity: Determine if the impact severity is high, medium, or low.
○ Risk Level: Determine if the risk level is high, medium, or low.
○ Recommended Best Practice: Give recommendations for the best new safeguard(s) that can reduce further risk from the vulnerabilities. These
safeguards may include policies, procedures, software, and so on.
Explain what the highest-priority vulnerability is that the organization needs to address to ensure compliance with HIPAA privacy and security
regulations.
Use your risk assessment to justify why this is the highest priority.
Sample Solution
