Course Project - Continued
School: Liberty University
Course: 330
Subject: Information Systems
Date: Apr 28, 2024
Running Head: SECURITY PLAN FOR MOUNTAIN TREE MEDICAL CENTER
Security Plan for Mountain Tree Medical Center
Nicholas Russell
Liberty University
Studies in Information Security, CSIS 340-D03
May 10, 2018
Purpose
The goal of this security plan for Mountain Tree Medical Center is to explain its objectives thoroughly and provide a better sense of security for everyone. Given the dynamic nature of network security, attackers cannot be stopped by purely static measures such as classic firewalls (Alpcan & Başar, 2011). Some of the objectives of the plan include the following.
Which databases will be used and how they will be used.
Password security and authentication guidelines.
Which operating systems the medical center will be using for their computers.
The process for storing information on different databases within the medical center.
The process of maintaining good physical security and data security.
Keeping the systems maintained against viruses and having backups.
With these objectives in place and all users following them correctly, the systems at Mountain Tree Medical Center will be protected.
Scope
This network security plan applies to anyone who will access the Mountain Tree Medical Center computer network system. Throughout the security plan, the word “user” refers to all individuals who access the computer network at Mountain Tree Medical Center.
Security Safeguards
Security safeguards consist of both physical security and employee security. Both are particularly important to the overall security plan, and each has its own set of responsibilities for the employees who work at the medical center.
Physical Security
Physical security for Mountain Tree Medical Center will consist of rules built around securing objects that can be damaged or tampered with, such as equipment and resources that can be stolen or altered. Implementing physical security safeguards reduces the risk of hardware failures due to neglect and reduces the chance of theft.
All server rooms should be checked and monitored for their temperature and the room’s humidity to ensure they are at safe levels.
No eating or drinking is allowed near any of the servers or computer equipment at Mountain Tree Medical Center.
Network servers for Mountain Tree Medical Center should be stored in a locked room to ensure the safety of information.
In each server room, all servers shall run on an uninterruptible power supply to eliminate the risk of data loss in the event of a power outage.
Employee Security
Employee security consists of the responsibilities that hiring staff need to follow to ensure the security of everyone's information at the medical center. Some of the employee security measures include the following.
To ensure the security of data at the medical center, employee vetting will be carried out for any job position that has access to sensitive data.
Any individual who has access to sensitive company data must also be up to date with company policies that relate to accessing such data.
Required Operating System
The required operating system on all computer networks at Mountain Tree Medical Center will be Windows 10. The reasoning is that it is the most supported operating system, with the most programs built around it, and it is continually supported and updated by Microsoft. It is also the most used OS, and is therefore the most recognized and one of the simplest for all users to navigate.
Data Protection & Authentication
Putting in place an authentication system and a password policy that uses cryptography will create more protection for confidential records and sensitive company data (Johnson, 2015). The password policy will have 3 already common password methods. These methods and password requirements are as follows.
All users' passwords shall be a minimum of 7 characters long.
Each user's password should be unguessable and have at least 1 uppercase letter and 1 number.
All passwords should be remembered and not written down anywhere, to eliminate the risk of users' passwords being stolen.
To authenticate all users accessing the computer network, every user at Mountain Tree Medical Center will be given an ID to pair with their password in order to log in to the network. The ID authenticates each user, shows who is online, and ties any changes made to the network to the person behind that ID.
Login dates and the times logged into the network are to be recorded and monitored.
ID sharing is strictly prohibited.
Database Used
After research, the best database to be used at Mountain Tree Medical Center is an OLTP database. While all databases come with pros and cons, the OLTP database seems to best fit the needs of the medical center. Because it is designed for real-time operations, it allows the medical center to quickly access new data. OLTP is also optimized to support thousands of concurrent users. Some of the premade databases will consist of patient management, a financial system, an HR system and a lab data database. Users will store information across these databases by being assigned to certain ones: for example, clerical personnel would be assigned to the transaction side and the HR system, while doctors and nurses could have access to the lab database and the ability to make changes.
Domain Configuration
Creating a LAN-to-WAN domain is the most efficient way for Mountain Tree Medical Center to have the perfect balance between security and accessibility. A LAN-to-WAN domain is efficient because it connects all the computers in the medical center into one network, and it also allows connections to different offices across the country via the WAN. Through this method, a piece of the LAN will be set aside to create a demilitarized zone, which will allow users to safely send and receive data from other centers.
Security Verification & Requirements
With security being the main goal at Mountain Tree Medical Center, security systems must meet the following requirements:
Logs of system events must be stored for a minimum of 3 weeks.
All data related to security logs must be checked and reviewed daily to confirm Mountain Tree Medical Center’s security is up to date.
Security logs need to list every login and logoff including the ID and times of all users on the computer network.
No user, including administrators, should have the rights to alter the security log data, so that the log remains accurate.
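The log requirements above, together with the earlier rule that ID sharing is prohibited, can be checked mechanically during the daily review. The following is an added example, not part of the original plan; the log line format, user IDs and workstation names are constructed for illustration.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(weeks=3)  # the plan's minimum log retention

# Constructed sample records: timestamp, event, user ID, workstation.
SAMPLE_LOG = """\
2018-05-01T08:00:00 LOGIN  nurse01 WS-101
2018-05-01T12:00:00 LOGOFF nurse01 WS-101
2018-05-20T08:05:00 LOGIN  clerk07 WS-210
2018-05-20T09:30:00 LOGIN  clerk07 WS-305
2018-05-20T17:00:00 LOGOFF clerk07 WS-210
2018-05-20T17:10:00 LOGOFF clerk07 WS-305
2018-05-22T07:55:00 LOGIN  doc03   WS-115
"""

def parse(text):
    """Return (time, event, user, host) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, event, user, host = line.split()
        events.append((datetime.fromisoformat(stamp), event, user, host))
    return sorted(events)

def audit(events, now):
    """Flag IDs active on two hosts at once, sessions with no logoff,
    and whether the oldest stored record is at least 3 weeks old."""
    open_sessions = {}  # user -> {host: login time}
    shared = set()
    for when, event, user, host in events:
        hosts = open_sessions.setdefault(user, {})
        if event == "LOGIN":
            if any(h != host for h in hosts):
                shared.add(user)  # same ID already active on another host
            hosts[host] = when
        elif event == "LOGOFF":
            hosts.pop(host, None)
    unclosed = sorted((u, h) for u, hs in open_sessions.items() for h in hs)
    # False means the store does not reach back 3 weeks (new system or early purge).
    retained = bool(events) and now - events[0][0] >= RETENTION
    return {"shared_ids": sorted(shared), "unclosed": unclosed,
            "retention_met": retained}

if __name__ == "__main__":
    print(audit(parse(SAMPLE_LOG), now=datetime(2018, 5, 22, 18, 0)))
```

An ID flagged under `shared_ids` is a lead for review rather than proof of sharing, since one person can be logged in at two workstations.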
Data Transmission Requirement
Data transmission for Mountain Tree Medical Center will use the SFTP method. This protocol allows for larger data transmission compared to other methods such as HTTPS and DDE. SFTP also encrypts both the commands and the data being sent, making it a very secure method for transferring files over the internet. SFTP requires the purchase of SFTP client software or the development of software created specifically for the medical center.
Maintaining Systems
Every user at Mountain Tree Medical Center is responsible for each document. It is their responsibility to scan each document sent to them by other users, and their task to scan their own documents before sharing them with other employees inside and outside Mountain Tree Medical Center.
All firewalls are to be enabled at all times.
Virus and malware protection shall always be up to date, and computers shall be scanned on a weekly basis.
Users are to notify an administrator upon finding a virus.
Users are to scan all files being sent and received immediately.
Finding Vulnerabilities
A major role in keeping the network safe at Mountain Tree Medical Center is keeping track of all network vulnerabilities. This includes threats such as open ports. Open ports that can be a threat can be found by running a network security scanner such as Advanced Port Scanner or Nessus. Both programs are great at finding vulnerabilities within networks, which can help secure the network against possible attacks. Nessus has more features than Advanced Port Scanner, which makes it a better choice for the medical center. Its features include scanning for the following: vulnerabilities, misconfiguration, denial of service attacks, and default passwords, which checks for weak or blank passwords on system accounts.
The main use of Nessus at Mountain Tree Medical Center is to scan for vulnerabilities within the network and to correct open ports that could allow intruders to gain access to the network. Some of the ports to look out for include the following. TCP 21 connects the FTP server to the internet, allowing for numerous vulnerabilities including unwanted authentication and cross-site scripting, which makes this port an ideal access point for hackers. Another is TCP 23, a port that sends data unmasked, unencrypted and in plain text; attackers can intercept this data, find credentials and inject commands. The vulnerabilities this port can have are a huge threat to a network. Having these ports closed will decrease the chances of the network at the medical center being compromised. Having these ports secured is crucial to the overall health of the network and to ensuring the safety of the information that is shared between employees.
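A host-side check can complement the network scan by confirming that a workstation is not itself listening on TCP 21 or 23. The following is an added example, not part of the original plan; it parses text in the column layout of Windows `netstat -ano`, and the sample output, addresses and PIDs are constructed.

```python
RISKY_PORTS = {21: "FTP", 23: "Telnet"}  # the two ports the plan singles out

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    10.0.0.5:49712         10.0.0.9:21            ESTABLISHED     4321
  TCP    [::]:23                [::]:0                 LISTENING       2210
  UDP    0.0.0.0:123            *:*                                    1000
"""

def risky_listeners(netstat_text, risky=RISKY_PORTS):
    """Return (port, service, local address, pid) for each TCP listener
    on a risky port. Only the LISTENING state counts: an outbound
    connection to a remote port 21 is not a local service."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local, pid = fields[1], fields[4]
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = local.rpartition(":")
        if port.isdigit() and int(port) in risky:
            findings.append((int(port), risky[int(port)], addr, int(pid)))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr, pid in risky_listeners(SAMPLE_NETSTAT):
        print(f"{service} listening on {addr}:{port} (PID {pid})")
```

The PID column identifies which process to stop or disable before closing the port at the firewall.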
Mitigating Vulnerabilities
After these vulnerabilities have been found by running tests and multiple scans, there are multiple ways to mitigate the threats. One method is closing dangerous ports that have been found to be open. Doing this will eliminate the threat of someone like a hacker getting access to the center's network. The use of an Intrusion Detection System (IDS) is a great way to analyze and look deep into a network. An IDS is a visibility tool that investigates the network from a security point of view, which helps security management teams by providing information and displaying issues with security policies and viruses. The IDS is normally paired with an Intrusion Prevention System (IPS). The job of an IPS is to control the traffic going between two networks; it acts like a firewall, allowing some packets through and blocking others based on certain policies.
Placing the IPS/IDS
When setting up an Intrusion Prevention System, its placement is crucial to the overall health of the network. Placing the IPS sensor behind a filtering device such as the company's firewall will help reduce the number of alerts that have no significance.
Configuring an IPS consists of setting up basic network settings, which can differ from one IPS to another, and choosing the policies that the IPS will use for filtering. The IDS is best placed either behind or in front of the firewall that the company will be using; either choice comes with pros and cons. Placing it in front of the firewall allows the IDS to monitor all incoming and outgoing traffic. Configuring an IDS to work with an IPS will increase the security of the overall network and filter through data, mitigating the chance of an attack.
Recovery Plan
Having a Disaster Recovery Plan is very important for any company. It will help reduce the amount of damage done in the event of a data breach or leak, as well as in a natural disaster such as extreme weather conditions. Some strategies to protect data include the following. The server room housing all servers should be equipped with a climate control device, and servers need to have a form of backup such as a backup power supply or generator. Having data mirrored and updated constantly between all the offices will secure the information if one of the offices has an outage or loses its network connection. Having a list of the complete inventory of the offices, such as the number of servers, computers, and other devices, including software and the data within them backed up, is great to have secured in the event of a computer failure to quickly. Having the medical center's data backed up to secure off-site storage such as cloud storage will lead to an overall safer network.
References
Johnson, R. (2015). Security policies and implementation issues. Burlington, MA: Jones & Bartlett Learning.
Data Transmission Method Selection. (2017, July 10). Retrieved June 2, 2018, from https://www.cms.gov/Medicare/Coordination-of-Benefits-and-Recovery/Mandatory-Insurer-Reporting-For-Non-Group-Health-Plans/NGHP-Training-Material/Downloads/Data-Transmission-Method-Selection.pdf
Gallegos, F., & Tanner, S. (n.d.). Developing a Network Security Plan. Retrieved from http://www.ittoday.info/AIMS/Information_Management/1-06-30.pdf
Alpcan, T., & Başar, T. (2011). Network Security: A Decision and Game-Theoretic Approach. Cambridge: Cambridge University Press.
Lozupone, V. (2017). Disaster recovery plan for medical records company. International Journal of Information Management, 37(6), 622. doi:10.1016/j.ijinfomgt.2017.05.015
Hossam Abdel Rahman Mohamed. (2014). A proposed model for IT disaster recovery plan. International Journal of Modern Education and Computer Science, 6(4), 57. doi:10.5815/ijmecs.2014.04.08
Papadaki, M., & Furnell, S. (2004). IDS or IPS: What is best? Network Security, 2004(7), 15-19. doi:10.1016/S1353-4858(04)00106-0
Noel, S., & Jajodia, S. (2008). Optimal IDS sensor placement and alert prioritization using attack graphs. Journal of Network and Systems Management, 16(3), 259-275. doi:10.1007/s10922-008-9109-x
Sapri, M., & Abd Razak, S. M. (2016). Asset management recovery after the disater: State of knowledge. MATEC Web of Conferences, 66, 67. doi:10.1051/matecconf/20166600067