Healthcare companies, like ABC Healthcare, that operate as for-profit entities are facing a multitude of challenges. The regulatory environment is becoming more restrictive, viruses and worms are growing more pervasive and damaging, and ABC Healthcare’s stakeholders are demanding more flexible access to their systems.
The healthcare industry is experiencing significant regulatory pressures that mandate prudent information security and systems management practices. Furthermore, the continued pressure to reduce cost requires that management focus on streamlining operations, reducing management overhead and minimizing human intervention. The regulatory focus at ABC Healthcare is on the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX). Both pieces of legislation highlight the need for good systems administration and controls, but focus on different aspects of the business. The main focus of HIPAA is to protect personally identifiable health information while SOX is concerned with data that impacts financial reporting. Violations may be met with both civil and criminal penalties. Therefore, the company must be ever watchful for new threats to their systems, data, and business operations.
The most prevalent security-related threat to ongoing business operations is the continued development and propagation of viruses and worms. Virus and worm prevention or containment is a critical component of the overall risk mitigation strategy. Virus and worm outbreaks have multiple cost aspects for the company including lost patient charges due to system unavailability, lost productivity because of recovery efforts due to infection, and potential regulatory impacts depending on the virus or worm payload. However, the company must balance risk with opportunities in order to serve the stakeholders and grow the business.
ABC Healthcare’s stakeholders include multiple groups that depend on or need access to clinical and/or financial systems in order to help support and grow the company. The access requirements and associated risk model vary by user group. The main access groups are internal only users (i.e. nurses, hourly employees, etc.), internal/remote users (i.e. salaried employees, doctors, etc.), and business partners (i.e. collection agencies, banks, etc.). Risk mitigation solutions must be developed for each user group to help ensure that the company recognizes the benefit that each group brings and to minimize the risk to business operations. The high-level management goals of the network design implementation are as follows:
- Support the business and balance security requirements without introducing significant overhead and complexity;
- Maintain and enhance security without significantly increasing management overhead or complexity;
- Implement systems that are industry supported (standards where appropriate), scalable, and fault-tolerant;
- Ensure that the design is implemented to help ensure compliance with any and all applicable regulations.

Proper management of access control for legitimate users and malicious users is of the utmost importance for the security of the ABC Healthcare management system. The threat is not limited to outside malicious users but also includes legitimate users engaged in illicit activity.
Based on the above description you are to provide a recommendation of how you would address each of the following ABC Healthcare computer network security requirements. Note that, whereas cost is typically an important factor, this is not a consideration for this case analysis. Therefore, you do not need to include cost estimates. Your solution should have the “right feel”, despite the lack of depth or details necessary to be accepted by upper management. Be specific in your answers. Write them as if you were writing a proposal to your boss. Since you are developing a solution to a specific circumstance, material that is copied from an outside source will not likely fit, so everything should be in your own words.
1. Describe your technical recommendation for addressing the security requirements in the overall technical design of the ABC Healthcare network. This should include both internal and external (untrusted and trusted) aspects. Untrusted would include user connectivity to the Internet. The “trusted” network has the main purpose of supporting the business functions of known entities (i.e. partners, suppliers, etc.) which have a business relationship with the company. Note that you are to concentrate on the physical and logical level, including the type of hardware and software; however, you are not expected to provide specific low-level details in terms of equipment suppliers or model numbers, etc. for your recommended design. (30 points)
2. Discuss the way you will address requirements for system monitoring, logging, auditing, including complying with any legal regulations. (10 points)
3. Describe how the system will identify and authenticate all the users who attempt to access ABC Healthcare information resources. (10 points)
4. Discuss how the system shall recover from attacks, failures, and accidents. (10 points)
5. Discuss how the system will address User Account Management and related security improvements. (10 points)