CS651_KristineCameron_IP2.doc (docx)
School: Colorado Technical University
Course: 651 (Computer Science)
Date: Feb 20, 2024
Pages: 16
Computer Systems Security Foundations: CS651
Security Management Document
Kristine Cameron
11 January 2023
Security Management Document

Table of Contents

Week 1: Introduction to Information Security (p. 3)
  Company Description (p. 3)
  Information Security Needs, Risks, and Benefits (p. 3)
  On-Site Consultant Challenges (p. 5)
  Company IPO Challenges (p. 5)
Week 2: Security Assessment (p. 7)
  Typical Assets (p. 7)
  Current Non-Network Segregation Risks (p. 8)
  Consultant Network Created Risks (p. 9)
  Risk Tests and Security Assessment (p. 9)
  Risk Mitigation (p. 11)
Week 3: Access Controls and Security Mechanisms (p. 12)
Week 4: Security Policies, Procedures, and Regulatory Compliance (p. 13)
Week 5: Network Security (p. 14)
References (p. 15)
Week 1: Introduction to Information Security

Company Description

This Security Management Document will cover the information security needs, risks, and benefits for Jackson Purchase Medical Center, located in the heart of Mayfield, Kentucky. This facility opened its doors in 1993 and offers 107 private rooms for its patients. Jackson Purchase offers both emergent and elective inpatient and outpatient services. These include a New Beginnings Birthing Center, an Advance Healing Wound Care Center, and a state-of-the-art Chest Pain Center (Jackson Purchase Medical Center, n.d.). This medical center offers fourteen beds in its Emergency Department (ED), not including its triage room, and has set a goal of thirty minutes from the time a patient walks into the ED until they exit (Jackson Purchase Medical Center, n.d.). While every situation is different, this is the goal set for Jackson Purchase and the eight counties to which it provides quality care.

Information Security Needs, Risks, and Benefits

A case study has been initiated for this growing medical center, showing that the security posture of the company is in need of updating due to its rapid growth over the last few years. This growth has led to an initial public offering (IPO), which requires new regulatory requirements to be met by the company. Thus, a review of the information security currently in place needs to be conducted in order to successfully expand the current infrastructure, enabling the company to operate more efficiently while still maintaining a secure environment. An update of information security is especially needed in the ED at Jackson Purchase Medical Center. Though the ED is set aside for emergency situations, this is no excuse for a
violation of the Health Insurance Portability and Accountability Act (HIPAA), which protects patients' private health information. This act restricts who can have access to medical records. In addition to the doctors and nurses providing care for the patients, various registrars also have access to this information. Often in the ED, the registrars are the first point of contact a patient sees who has full access to their records. To ensure public health and safety, HIPAA also recognizes various other authorities as entitled to access personal medical files. These can include public health authorities such as the Centers for Disease Control and Prevention (CDC), foreign government agencies collaborating with a public health authority, and any persons who may be at risk of spreading or contracting a disease (Office for Civil Rights BULLETIN: HIPAA Privacy in Emergency Situations, 2014).

There are numerous risks to information security at the Jackson Purchase Emergency Department because it is such a high-volume traffic area. With the lack of medical facilities available to patients in the evenings and on weekends, most of these patients end up in their local emergency room. This tends to make the ED one of the most stressful and challenging areas in any hospital. Not only are the nurses and registrars challenged to ensure that all patient information is secure, there are also hidden security dangers that can come in the form of the individuals who come into the ED. Some of these risks are as follows (Solving Emergency Department Security Challenges, 2020):

- Patients or visitors who are under the influence of drugs or alcohol.
- The circumstances that can arise from victims of gunshot wounds and/or gang violence.
- Patients suffering from mental health behaviors.
- Domestic violence patients who are followed into the ED by their abusers.
- Patients escorted into the ED by law enforcement officials.

The ED can benefit from an updated security posture by implementing access controls that limit the access of emergency patients to other parts of the hospital, keeping the ambulance entrance separated from the walk-in entrance and waiting room, providing security staff to protect the registrars, nurses, and other care providers, and having a rapid lockdown program in place in the event of emergencies (Solving Emergency Department Security Challenges, 2020).

On-Site Consultant Challenges

While on-site consultants can bring their knowledge and expertise to a project such as this, their agenda often does not match that of the hospital staff they are consulting. Because the consultant's behavior may be influenced and driven by a variety of motives, it can be challenging for them to work with project managers without conflict arising (Davison, 2009). However, one of the biggest challenges with on-site consultants in the ED is that this department is almost always busy. With the tasks of checking in patients, running back to get paperwork signed, taking payments, and filling out countless forms, there isn't time to breathe, let alone time to sit down with a consultant to discuss changes related to the company's IPO.

Company IPO Challenges

As with any IPO, this process can be extremely complex and present multiple challenges for the company. According to Deloitte, the following are a few of the challenges that Jackson Purchase Medical Center will face with the IPO taking place (IPO Challenges and Sarbanes-Oxley Readiness, n.d.):

- There can be poor planning on the part of the company in meeting the new regulations and requirements.
- The company may not have sufficient funds at its disposal to meet the financial requirements of the IPO.
- Jackson Purchase may not have leadership in place with the experience necessary to manage the IPO process.
- The company's internal controls may be too weak to manage all of the complexities that the new IPO brings to the table.
Week 2: Security Assessment

Typical Assets

There are many different assets that can be found within a single health care facility, and in that regard Jackson Purchase Medical Center is no different. The largest portion of a hospital's assets falls into the category of fixed assets. This category mostly contains the medical equipment used in diagnosis, treatment, surgery, and recovery (SeventhQueen, 2022). These assets come in the form of patient monitors, respiratory machines, X-ray machines, diagnostic equipment, mobile beds, wheelchairs, and many more. Of course, a hospital's assets do not stop at medical equipment. Physical infrastructure and systems are also included in this category. Heating and air-conditioning units, refrigeration systems, ventilation systems, plumbing, electrical systems, generators, and other systems (How a Hospital Asset Management Plan Can Improve Quality Care – AkitaBox, 2020) are all assets found within Jackson Purchase.

[Figure: ED human and asset tracking example (CenTrak | Optimized Patient Flow with Human & Asset Tracking in the ER, n.d.)]
With all of these assets available to the medical center, there has to be a way to track them. This is why most hospitals, including Jackson Purchase, have an asset tracking program in place. This is especially true for the medical equipment used in the facility, which tends to be extremely expensive. The Emergency Department is an area where asset tracking is extremely important due to the fast-paced activities that take place there. As one can see from the example above, there are a lot of moving parts and assets found in the ED.

Current Non-Network Segregation Risks

Network segregation is extremely important because it can isolate the hospital's internal network from external networks such as the internet. By not currently having a segregated network, the organization is exposing itself to multiple security risks. Some of these risks are listed below (A Complete Overview of Network Segregation and Why It's Crucial for Your Organization, 2022):

- Poor Operational Performance: Without a segregated network, the system is in danger of network congestion due to the inability to stop traffic from flowing from one part of the network to another.
- Inability to Limit Cyber Attack Damage: Without network segregation, Jackson Purchase runs the risk of not being able to restrict how far an attack can penetrate the system. Something like malware could become unrestrained and spread across multiple systems.
- Having Vulnerable Endpoints: Without a segregated network, Jackson Purchase runs the risk of allowing damaging traffic to reach devices that are unprotected.

Consultant Network Created Risks

With the new consultant network being created for Jackson Purchase Medical Center, a number of risks can arise. First, there is a risk of receiving bad advice from the consulting company. This could damage the hospital's reputation when patients find that their personal data is not secure. The consulting company could itself be at risk of cybercrime and data breaches, which can lead to network security breaches at the hospital. These risks include cyber extortion, financial burdens stemming from the high cost of recovering lost data, and of course network security breaches. Another risk of the new consultant-created network is third-party damage in the form of financial burdens, which can affect not just the patients but the hospital's stakeholders as well (deependra, 2023).

Risk Tests and Security Assessment

Testing for risks and conducting a security assessment are vital tasks that should be completed so that the IT department can strengthen the cybersecurity defenses of the hospital. A few of the risk tests and security assessments for Jackson Purchase Medical Center are listed below (Gracy, 2023):

- Conducting a vulnerability assessment that will provide the organization with a list of security issues requiring attention.
- Penetration testing should be conducted in order to find any weaknesses or vulnerabilities within the hospital's network. This is accomplished by attempting to hack into, or breach, the hospital's security system.
- Weekly IT risk assessments should be conducted in order to establish acceptable risk levels by identifying potential risks and their overall impact on the hospital. A common risk level assessment can be seen here:

[Figure: a common risk level assessment (Gracy, 2023)]

- Jackson Purchase should also conduct an IT audit in order to ensure that the new network configuration is compliant with documented standards.
Risk Mitigation

According to SafetyCulture, risk mitigation is the process of understanding certain risks and threats while accepting that they exist. The organization must take appropriate measures to reduce their effects in case they occur. This is part of the risk management process, which is necessary to prepare an organization for any threats to its operations and processes (Altomonte, 2022). There are various risk mitigation techniques that can be used, and to be successful, risk mitigation should be driven by the organization's risk assessments. Some of these risk mitigation types are risk transfer, risk acceptance, risk avoidance, and risk monitoring. Jackson Purchase Medical Center would conduct its risk mitigation by following these steps (Altomonte, 2022):

- Identify all of the risks facing the company, including not only security breaches but also natural disasters and mechanical failures.
- After identifying the risks, assess them to determine the risk level of each one found.
- Prioritize the risks in order to see which ones need to be mitigated first and which are low risk and can wait.
- Continually monitor the risks for any changes so that the IT department can raise or lower the priority of each risk.
- After the risk mitigation plan is created, implement it throughout the entire hospital by putting all of the appropriate measures in place and conducting training for hospital employees.
Week 3: Access Controls and Security Mechanisms

TBD
Week 4: Security Policies, Procedures, and Regulatory Compliance

TBD
Week 5: Network Security

TBD
References

A Complete Overview of Network Segregation and Why It's Crucial for Your Organization. (2022, March 14). Server and Cloud Blog. https://www.parallels.com/blogs/ras/network-segregation/#The%20Importance%20of%20Network%20Segregation
Altomonte, L. (2022, November 23). What is Risk Mitigation & Why is it Important? SafetyCulture. https://safetyculture.com/topics/risk-mitigation/
CenTrak | Optimized Patient Flow with Human & Asset Tracking in the ER. (n.d.). CenTrak. https://centrak.com/resources/blog/optimized-patient-flow-in-the-emergency-department
Davison, M. L. (2009, October 13). Challenges - Managing External and Internal Consultants. Www.pmi.org. https://www.pmi.org/learning/library/challenges-managing-external-internal-consultants-6670
deependra. (2023, January 24). 5 Common Risks for Consulting Firms | Risk Management. BizCover. https://www.bizcover.com.au/consulting-business-risks/
Gracy, M. (2023, October 4). How to Conduct a Security Risk Assessment: A 9-Step Guide. Sprinto. https://sprinto.com/blog/security-assessment-guide/
How a Hospital Asset Management Plan Can Improve Quality of Care – AkitaBox. (2020, February 25). Home.akitabox.com. https://home.akitabox.com/blog/hospital-asset-management-plan/
IPO Challenges and Sarbanes-Oxley Readiness. (n.d.). Deloitte United States. https://www2.deloitte.com/us/en/pages/advisory/articles/ipo-challenges-and-sox-compliance-for-newly-public-companies.html
Jackson Purchase Medical Center. (n.d.). Jackson Purchase Medical Center. Retrieved January 4, 2024, from https://www.jacksonpurchase.com/
Office for Civil Rights BULLETIN: HIPAA Privacy in Emergency Situations. (2014). https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf
SeventhQueen. (2022, August 2). All you need to know about Asset Management in Healthcare | Best Guide 2022 | Infraon. https://infraon.io/blog/key-benefits-asset-management-in-healthcare/#What_are_fixed_assets_in_a_hospital
Solving emergency department security challenges. (2020, March 24). Www.mgma.com. https://www.mgma.com/articles/solving-emergency-department-security-challenges