Healthcare companies, like ABC Healthcare, that operate as for-profit entities are facing a multitude of challenges.
The regulatory environment is becoming more restrictive, viruses and worms are growing more pervasive and damaging, and ABC Healthcare’s stakeholders are demanding more flexible access to their systems. The healthcare industry is experiencing significant regulatory pressures that mandate prudent information security and systems management practices. Furthermore, the continued pressure to reduce cost requires that management focus on streamlining operations, reducing management overhead and minimizing human intervention. The regulatory focus at ABC Healthcare is on the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX).
Both pieces of legislation highlight the need for good systems governance and controls, but focus on different aspects of the business. The main focus of HIPAA is to protect personally identifiable health information, while SOX is concerned with data that impacts financial reporting. Violations may be met with both civil and criminal penalties.
Therefore, the company must be ever watchful of new threats to its systems, data, and business operations. The most prevalent security-related threat to ongoing business operations is the continued development and propagation of viruses and worms. Virus and worm prevention or containment is a vital component of the overall risk mitigation strategy.
Virus and worm outbreaks have multiple cost aspects for the company, including lost patient charges due to system unavailability, lost productivity because of recovery efforts following infection, and potential regulatory impacts depending on the virus or worm payload. However, the company must balance risk with opportunities in order to serve its stakeholders and grow the business. ABC Healthcare’s stakeholders include multiple groups that depend on or need access to clinical and/or financial systems in order to support and grow the company.
The access requirements and associated risk model vary by user group. The main access groups are internal-only users (i.e., nurses, hourly employees, etc.), internal/remote users (i.e., salaried employees, doctors, etc.), and business partners (i.e., collection agencies, banks, etc.). Risk mitigation solutions must be developed for each user group to help ensure that the company recognizes the benefit that each group brings and to minimize the risk to business operations.
The high-level management goals of the network design implementation are as follows: support the business and balance security requirements without introducing significant overhead and complexity; maintain and enhance security without significantly increasing management overhead or complexity; implement systems that are industry supported (standards where appropriate), scalable, and fault-tolerant; ensure that the design is implemented to help ensure compliance with any and all applicable regulations. Proper management of access control for legitimate users and malicious users is of the utmost importance for the security of the ABC Healthcare management system. The threat is not limited to outside malicious users but also includes legitimate users engaged in illegitimate activity.
Based on the above description, you are to provide a recommendation of how you would address each of the following ABC Healthcare computer network security requirements. Note that, although cost is typically an important factor, it is not a consideration for this case analysis. Therefore, you do not have to include cost estimates.
Your solution should have the “right feel”, despite the lack of depth or details necessary to be accepted by upper management. Be specific in your answers. Write them as if you were writing a proposal to your boss. As you are developing a solution to a specific circumstance, material that is copied from an outside source will not likely fit, so everything should be in your own words.
1. Describe your technical recommendation for addressing the security requirements in the overall technical design of the ABC Healthcare network. This should include both external and internal (untrusted and trusted) aspects. Untrusted would include end-user connectivity to the Internet. The “trusted” network has the main purpose of supporting the business functions of known entities (i.e., partners, suppliers, etc.) which have a business relationship with the company. Note that you are to concentrate on the physical and logical level, including the type of hardware and software; however, you are not expected to provide specific low-level details in terms of equipment suppliers or model numbers, etc. for your recommended design. (30 points)
2.
3. Discuss how you will address requirements for system monitoring, logging, and auditing, including compliance with any legal regulations. (10 points)
4. Describe how the system will identify and authenticate all the users who attempt to access ABC Healthcare information resources. (10 points)
5. Discuss how the system shall recover from attacks, failures, and accidents. (10 points)
6. Discuss how the system will address User Account Management and related security improvements. (10 points)
7. Complete the Internet Security Action Plan (see attached spreadsheet). (30 points)