Using the scenario presented in Week Two and the templates provided in the resources below, complete the following: A 1- to 2-page Risk Registry accurately documenting the risk elements form the scen

CYB/207 v2

Create a Risk Registry using the template below to accurately documenting the risk elements form the scenarios that can be used to track issues throughout the project.

Risk Description for Risk Registry	Likelihood	Impact	Risk Owner	Resources Required	Estimated Completion Date
<Briefly describe the risk>	<Low, Medium, or High>	<Low, Medium, or High>	<List department or role>	<List hardware, software, personnel, and/or policy needed>	<Provide a date based on the risk complexity and today’s date>

Using the Assignment Scenario, complete the following worksheet.

Description of Vulnerability	Security Control Number and Name	Security Control Type	System Categorization for Risk Level Impact	Last Assessment Information	Asset	Assessment Method	Policy Alignment
<Describe the vulnerability>	<List the Security Control name and number>	<Common, System-Specific, Hybrid>	<High, moderate, or low>	<Identify any security assessments from the past>	<Describe the asset that will be tested>	<Identify at least one way you can test this asset>	<Indicate what security policy aligns with the asset>

PHI/EPHI Policy Template

Version:

Purpose:

This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal Heal information (EPHI), except as specifically permitted or required by HIPAA regulation.

Scope:

Policy:

1. <Provide accurate definitions used in the policy, like PHI.>

2. <State how data must be stored (e.g., encrypted).>

3. <Indicate covered entities.>

4. <Indicate the consequences for a confidentiality breach.>

5. <Indicate what standards the policy follows (e.g., NIST SP800-53).>