Background and Reference Material

Background and Reference Material

The National Institute of Standards and Technology (NIST) sets standards for the United States, and especially for the Federal government. The Federal Information Security Management Act of 2002 (“FISMA”) required risk-based management of security for Federal information systems. NIST produced a Guide for Conducting Risk Assessmentsin 2002 that was revised in 2012.

You will find the revised guide here:  

Although the PDF document is about 100 pages, there are only 38 pages in the guide proper. You will need to review at least a few of the appendices for this assignment in addition to reading the Guide.

You can find more background material with Google and especially Good Scholar. Please note that you can set a date range with Google Scholar, and so get only material published after the rule changes were announced. Try to find at least one publication that is a peer-reviewed scientific journal.

Questions to answer:

  1. What was the target audience of this document, and how does it apply to health care institutions? To vendors of health care information technology? [25 point]
  2. What are the key concepts of risk, risk assessment, risk management, and risk communication? [25 point]
  3. What are the essential elements of a risk assessment reports? [25 point]
  4. Appendix D of the Guide divides threat sources into categories of adversarial, accidental, structural, and environmental. Based on your reading to date, which category to you believe represents the biggest danger to health information technology? Support your choice with arguments from the Guide and at least one other source. [25 point]

Submission requirements:

  1. Times New Roman, 12 font size, Double-space, Margin 1″. No more than 4 pages not counting the “Works Cited” page.
  2. Be sure to have in-text citation, and Works Cited page. You can use Google Scholar or other online citation generation tools to generate citation in MLA format.
  1. Name your file as “LastName_6533_written2” or