Security System Evaluation and Remediation
As the chief information security officer (CISO) of Fielder Medical Center (FMC), I have been tasked with reviewing a security assessment report provided by an external consulting firm.
Last updated: July 28, 2025
Project Overview
The report identifies potential compliance issues that require the system security plan (SSP) to be updated, including some security controls in place or planned for system requirements. This assessment stems from FMC's aim to improve its data management as part of its digitization goals. The data being stored is sensitive and may contain personally identifiable information. As FMC’s CISO, I will be responsible for identifying and developing a strategy to address the risks identified in the attached “Security Assessment Report for Fielder Medical Center” provided by the external consulting firm. This paper will confirm or reject the findings by evaluating the focus points of the security assessment report, and will also develop a remediation plan for compliance based on NIST SP 800-53 Revision 5.
Key Findings
- Control Framework Misalignment
- Inadequate Data Protection Measures
- Legacy Infrastructure Risks
- Workstation Endpoint Security Gaps
- Lack of Multifactor Authentication (MFA)
- Weak Identity and Access Management (IAM)
Techniques & Methodologies