Threats are the potential violations of security that exist when a circumstance or event is likely to breach the deployed security or cause harm to the information systems (Stallings, 2006). It can also be said that a security threat is a possible danger through which the vulnerabilities of an information system or network can be exposed.
Several threats are being experienced by the companies that have implemented online services, especially when personal or critical information is being added. From the case study in question, the first threat to the security of ABC Healthcare is the continued development and propagation of worms and viruses. During the development stage of the institution's network, the managers are mandated to make sure that antivirus software that runs continually is present, together with intrusion detection/prevention systems.
The company can go for antivirus software such as Kaspersky due to its ease of use and low price that will not put a strain on their budget. The company must also be ready to pay a little more for their intrusion detection/prevention systems so as to make sure that there is adequate security for their information systems. The company can opt to use an open source IDS/IPS, but they should be very careful with this because open source security software may not be very reliable. The other area that the company should address pertains to trusted and untrusted users, and that concerns identification and authorization. Logging into the company network by any party should go through a process of identification and authorization so as to make sure that one has access to the information that they ought to access (Liang & Poor, 2009).
Because the
information is very sensitive, there is a need to make sure that the privacy of
patients is upheld with utmost care and caution. Hackers can leverage several ways to gain
entry into the company network but the company should have well trained IT
personnel who are able to identify any attack threats and counter them as
appropriate. Some of the signs of attack
on the network would include the denial of service that may challenge the
availability or integrity of the system.
ABC Healthcare should address that by making sure that a
defense-in-depth strategy is applied that puts into consideration all the
possible measures including people, technology and operations. A
defense-in-depth security technique is aimed at ensuring that if one security
mechanism is bypassed, the others can counter the threat or attack (Jajodia et al., 2011).
Any access to the network from outside parties should be done in a secure manner. The ABC Healthcare website should make use of HTTPS on port 443 for the users that are accessing the network from outside so as to make sure that there is secure connectivity to the network. Even though attackers can still breach it or victimize the users, this technique helps to prevent sniffing attacks and adds another security level. All the users should also be trained on how to avoid being victimized, especially through social engineering.
2. Discuss the way you will address requirements for system monitoring, logging, auditing, including complying with any legal regulations. (10 points)
I would propose that first, the company begins by laying down the objectives of securing their company network. That will give them a direction on how to proceed so as to make sure that they achieve the security they anticipate for their network. Conducting a security check will require the company's security teams to start with a checklist. The checklist will assist them in making sure that they focus on all the attack vectors or avenues of attack. To make sure that they understand all those attack vectors, carrying out a risk assessment will be of paramount importance. Risk assessment is the third step in a stepwise risk management process that entails planning risk management, identifying risks, performing risk analysis, planning risk responses, and finally monitoring and controlling risks. Understanding the potential hazards to which the organizational network is exposed is the first step towards mitigating those risks.
Auditing can also be useful in the company, but they ought to make sure that they use an appropriate technology or technique such as Microsoft's Event Viewer. Through the Event Viewer, the system administrators can view any events that take place in the company systems and record the log files. The administrators can keep track of the log files so as to identify any suspicious activity on the corporate network so that they can take the necessary steps to stop any further action. When any issue arises, the system administrators can use the Event Viewer to find out the source of the problem, for instance why a certain service failed to start correctly. It is also imperative to put disclaimers on the login screens that inform the users that they can be monitored when using a given IT asset.
Also, both HIPAA and SOX require that ABC Healthcare comply with certain audit requirements. HIPAA requires regular and continuous logging as well as monitoring of the information systems that handle private health information. On the other hand, SOX compliance requires the company to carry out an annual internal control assessment on top of the logging, with complete audit trails of the financial transactions that they ought to collect. Several things should be done by the company to ensure compliance, including setting Active Directory audit policies; putting in place a security information and event management (SIEM) system; installing a network-based IDS/IPS; and deploying data loss prevention software. When all those systems work together, they help to make sure that ABC Healthcare remains proactive in its security.
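As an added illustration of the log review described above (this is example code written for this page, not part of the original paper), the script below reads a constructed sample of Security-log records in the shape an Event Viewer export might take and flags accounts that show a burst of failed logons (Windows event ID 4625) followed by a successful logon (event ID 4624). The record layout, the threshold and the time window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of Security-log records (not real data):
# timestamp, event ID, account, source workstation
SAMPLE_EVENTS = """\
2024-03-01 08:00:01,4625,jdoe,WS-12
2024-03-01 08:00:05,4625,jdoe,WS-12
2024-03-01 08:00:09,4625,jdoe,WS-12
2024-03-01 08:00:14,4625,jdoe,WS-12
2024-03-01 08:00:20,4625,jdoe,WS-12
2024-03-01 08:00:31,4624,jdoe,WS-12
2024-03-01 08:15:00,4625,nurse01,WS-03
2024-03-01 09:40:00,4624,nurse01,WS-03
"""

FAILED_LOGON = 4625   # Windows Security log: an account failed to log on
SUCCESS_LOGON = 4624  # Windows Security log: an account successfully logged on

def parse_events(text):
    """Parse the assumed CSV layout into (timestamp, event_id, account, host) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, eid, account, host = line.split(",")
        events.append((datetime.fromisoformat(ts), int(eid), account, host))
    return sorted(events)  # oldest first, so the sliding window works

def find_suspicious_logons(text, threshold=5, window=timedelta(minutes=5)):
    """Return {account: verdict}: 'brute-force-attempt' for >= threshold failures
    inside the window, upgraded to 'brute-force-success' if a logon then succeeds."""
    recent_failures = defaultdict(list)
    verdicts = {}
    for ts, eid, account, host in parse_events(text):
        if eid == FAILED_LOGON:
            # keep only the failures that fall inside the sliding window
            fails = [t for t in recent_failures[account] if ts - t <= window]
            fails.append(ts)
            recent_failures[account] = fails
            if len(fails) >= threshold:
                verdicts.setdefault(account, "brute-force-attempt")
        elif eid == SUCCESS_LOGON:
            # a success right after a burst of failures is the case to escalate
            fails = recent_failures.get(account, [])
            if len(fails) >= threshold and ts - fails[-1] <= window:
                verdicts[account] = "brute-force-success"
    return verdicts

if __name__ == "__main__":
    for account, verdict in find_suspicious_logons(SAMPLE_EVENTS).items():
        print(f"{account}: {verdict}")
```

On the sample data only jdoe is flagged, and as a success after a burst; nurse01's single failure followed by a later success stays below the threshold.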
3. Describe how the system will identify and authenticate all the users who attempt to access ABC Healthcare information resources. (10 points)
Identification involves providing information to the system regarding one's unique identity, which can be a name, a certain number or some characters depending on how the system is designed. Those identities are unique for the purpose of making sure that one's identity is different from someone else's. Internal users such as nurses and external users like the business partners will be required to provide their credentials as used during registration before they can log into the system. External parties like the collection agencies and banks may be required to use Internet banking. The system must authenticate the users using usernames, passwords or a combination thereof, using approaches that are appropriate for accessing sensitive parts of the ABC Healthcare network. Passwords or login credentials will need to be defined based on the user's location, department or the group to which one belongs.
Biometrics is another authentication system that uses the physical characteristics of a person for the purpose of authenticating the identity of the user. The system is considered to be the most secure form of authentication among all the other forms. The biometrics system is based on various attributes such as facial features or fingerprints. The user's profile is saved in the system and the users can use it when they are entering or accessing restricted parts of the system. When the users are attempting to engage with the system, the system requests them to provide some identification, after which the system measures their physical attributes before it then authenticates them. For instance, the biometrics system may request the user's fingerprints.
ABC Healthcare can also encrypt their data using Secure Sockets Layer (SSL) or digital certificates so as to make sure that the data they transmit through untrusted networks is confidential and is not interrupted or tampered with. The company will need to have in place a policy that defines how the confidential information of patients should be transmitted via the trusted as well as the non-trusted networks. The system can use digital signatures so as to identify the source as well as the destination of the information, and that also ensures that the information gets to the intended recipient (Murphy & Badger, 1996).
In case the user wants to have access to more than one computer in the system, the user will have to provide his/her login credentials on the first computer, which then passes on the information to the other systems that the user wants to access. That also means that the computers within the organization's network ought to handle the user's authentication information reliably. That can help to save lives, for instance when a doctor is handling an emergency and wants to access the medical records of the patient stored in the system. Other standardization methods that may be used include the open system environment and the portable operating system environment, which help to ensure there is transparent authentication across various organizational networks. That helps to make sure that efficiency and job performance are maintained.
4. Discuss how the system shall recover from attacks, failures, and accidents. (10 points)
The company must ensure that it adopts a policy that makes sure there is system availability all the time, bearing in mind that downtime can occur at any time. That will drive the company's IT personnel to keep the systems patched and updated without affecting the users, and to respond quickly to cyber incidents with minimum impact on the patients and other stakeholders. The goal of building such a policy is to make sure that there is redundancy. In that case, ABC Healthcare replicates its resources where necessary and ensures parity to accomplish error correction.
To handle a power outage or failure, the company must have a generator
in place to handle IT infrastructure until the power is back. The generator should
be able to handle the infrastructure at less than half its capacity.
Another thing that is fundamental for ABC Healthcare is a hot site that would be used for offsite recovery. The company may outsource this to cloud providers or another agency, but that may turn out to be very expensive and therefore go against its desire to minimize costs. If the company has structures in place, it can be cheaper to use the available resources and achieve the desired security. However, if the company has to buy everything from scratch and it does not have the proper skills and experience, moving into the cloud can be the better way to go. That is because it will help the company to save a lot of money that would have gone to purchasing the data storage equipment, the backup data and any hiring of IT experts. In case the company loses its data through viruses or worms, or in case the data gets deleted unintentionally, the backup can be used to recover it.
The SIEM and IDS/IPS should help the company to detect and respond swiftly to security incidents. However, there will be a need to come up with an incident response policy so that those tools can be used in the most efficient way. Every department is required to have its business continuity plan so as to make sure that they are well prepared to handle any security incidents that are aimed at disrupting their normal operations (Wallace & Webber, 2010). The plan should lay out all the procedures on how to report an incident, respond to the incident, and then identify and highlight the lessons learned from the incident so as to improve the plan. All that process will make sure that the company can continue to work amid interruption and that the aftermath of the event is reduced.
The company should make sure that it focuses on prevention. Deploying SIEM and IDS/IPS products successfully and ensuring that the firewalls are in place and the internal systems are effectively patched and updated will help to ensure that successful attacks are reduced by a great deal. The staff training and awareness program can also be incorporated here to remind the employees of the danger of opening strange emails or clicking links in emails coming from sources they do not know, and of how to encrypt the emails containing patient information. Should the training not work as expected, the event detection tools should be able to detect any suspicious activities or security events on the network. When the IT security personnel have been alerted to the events, they should be able to respond swiftly and use the procedures outlined in the incident response plan to address the events.
5. Discuss how the system will address User Account Management and related security improvements. (10 points)
ABC Healthcare ought to make sure proper
policies, procedures, and standards are in place to help in managing the user
accounts and improve their network security.
Many times people tend to think that policies, guidelines, procedures, and standards are all the same thing, but they are different. The policies are the rules that are established by an organization or company, and they are the basis for the creation of standards, procedures, and guidelines (Johnson, 2014). Policies do not have to include the other three, but it is impossible to create standards, procedures, and guidelines without making reference to specific policies, which are the governing documents. The standards are rules that measure the way something should be, thereby preventing the users from saying that they did not know. They are similar to the standard operating procedures in the military that offer stepwise instructions as to how equipment should be operated.
ABC Healthcare ought to have policies in place should they want to create a governing document the users need to follow. That will create the rules to be followed by the company. Changes to policies should be accompanied by the approval of the company leaders; otherwise they will not bear any fruit.
The procedures are also established to make sure that the users follow a
certain process in ensuring that things are operating appropriately (Johnson, 2014). The standards will be created in the company
so as to help in understanding the way something should be completed.
The company can set up different accounts for different groups of users, such as the internal users having different accounts from those of the partners; that can help to ensure that proper control is established for access to the various accounts.
The company will have to implement a centralized account management system with the aim of addressing the issue of account management. The company will then be able to make sure that the patients' information is properly administered. That practice will also help to make sure that information is being passed via the system in a systematic manner because specific accounts are created and used for various needs. That also maintains efficiency and eliminates any confusion that might have arisen due to the existence of multiple accounts.
References
Jajodia, S., Noel, S., Kalapa, P., Albanese, M., & Williams, J. (2011, November). Cauldron mission-centric cyber situational awareness with defense in depth. In 2011 MILCOM 2011 Military Communications Conference (pp. 1339-1344). IEEE.
Johnson, R. (2014). Security policies and implementation issues. Jones & Bartlett Publishers.
Liang, Y., & Poor, H. V. (2009). Information theoretic security. Foundations and Trends in Communications and Information Theory, 5(4–5), 355-580.
Murphy, S. L., & Badger, M. R. (1996, February). Digital signature protection of the OSPF routing protocol. In Proceedings of the Symposium on Network and Distributed System Security, 1996 (pp. 93-102). IEEE.
Stallings, W. (2006). Cryptography and network security: principles and practices. Pearson Education India.
Wallace, M., & Webber, L. (2010). The disaster recovery handbook: A step-by-step plan to ensure business continuity and protect vital operations, facilities, and assets. AMACOM Div American Mgmt Assn.