I haven’t had an experience where I was being unable to maintain CIA of the workplace’s information system; however, with the current deficient administrative safeguards, I assume that my institution is vulnerable to improper access control such as disclosing usernames and passwords of certain applications for health service and office management.
I think the HIPAA security code of conduct has regulated a set of security rules where each specification of administrative, physical, and technical safeguards is required to be had, of course in my office. Thanks to this course, I am planning to execute a risk analysis to overview to what extent the level of CIA is performed by my organization.