The challenge with information security planning is establishing security and risk management practices that safeguard patient information privacy and security against unauthorized threats while considering the implementation costs and impact on workflow. How do you evaluate the risk for these threats? What tangible and intangible costs are associated with implementing the roles and infrastructure necessary to manage these threats? These are just some of the aspects to consider when developing an information security planning strategy for an organization.

To prepare for this Discussion, review the information in the assigned readings and research several external sources from current peer-reviewed references to the following questions based on the Information Security Officer (ISO) role:

General Hospital is one of the most advanced tertiary care facilities in Georgia with an emphasis on excellence in clinical services, diagnostic facilities, and rehabilitative services. It is a 300 bed hospital with all major specialty departments.

· 1a. Provide at least two examples of possible data breaches for this setting and describe the components of a risk assessment analysis, including risk profile and reporting, for these security threats.

· 1b. How would a risk assessment help identify potential information security concerns?

· 1c. What evidence-based risk management strategies would you use to address these security concerns based on your analyses and balancing cost and usability?

Provide your rationale and evidence from peer-reviewed sources to justify your argument. Please include a salutation in your discussion assignments and include citations in the narrative as well as the bibliography.