CS651_KristineCameron_IP4

.docx

School

Colorado Technical University *

*We aren’t endorsed by this school

Course

651

Subject

Computer Science

Date

Feb 20, 2024

Type

docx

Pages

25

Uploaded by MinisterSeal8216

Report
Computer Systems Security Foundations: CS651 Security Management Document Kristine Cameron 26 January 2023
Security Management Document 2 Table of Contents Week 1: Introduction to Information Security ............................................................................................. 3 Company Description .............................................................................................................................. 3 Information Security Needs, Risks, and Benefits .................................................................................... 3 On-Site Consultant Challenges ................................................................................................................ 5 Company IPO Challenges ........................................................................................................................ 6 Week 2: Security Assessment ...................................................................................................................... 7 Typical Assets ......................................................................................................................................... 7 Current Non-Network Segregation Risks ................................................................................................ 8 Consultant Network Created Risks .......................................................................................................... 9 Risk Tests and Security Assessment ...................................................................................................... 10 Risk Mitigation ...................................................................................................................................... 11 Week 3: Access Controls and Security Mechanisms ................................................................................. 12 Access Control Mechanisms .................................................................................................................. 12 Access Control Protection ..................................................................................................................... 14 SSO and VPN Technology .................................................................................................................... 15 Week 4: Security Policies, Procedures, and Regulatory Compliance ........................................................ 17 Regulatory Requirements ...................................................................................................................... 17 Company Policies .................................................................................................................................. 19 Company Controls ................................................................................................................................. 20 Data at Rest / Data in Motion ................................................................................................................ 21 Week 5: Network Security ........................................................................................................................ 23 References ................................................................................................................................................. 24
Security Management Document 3 Week 1: Introduction to Information Security Company Description This Security Management Document will cover the information security needs, risks, and benefits for Jackson Purchase Medical Center located in the heart of Mayfield, Kentucky. This facility opened its doors in 1993 and offers 107 private rooms for its patients. Jackson Purchase offers both emergent and elective inpatient and outpatient services. These include a New Beginnings Birthing Center, an Advance Healing Wound Care Center, and a state-of-the-art Chest Pain Center ( Jackson Purchase Medical Center , n.d.). This medical center offers fourteen beds in its Emergency Department (ED), not including their triage room, and has set their goal to thirty minutes from the time the patient walks into the ED until they exit ( Jackson Purchase Medical Center , n.d.). While every situation is different, this is the goal that is set for Jackson Purchase and the eight counties that it provides quality care for. Information Security Needs, Risks, and Benefits A case study has been initiated for this growing medical center, showing that the security posture of the company is in need of updating due to its rapid growth over the last few years. This has led to an initial public offering (IPO) requiring new regulatory requirements to be met by the company. Thus a review of the current information security that is in place needs to be conducted in order to successfully expand the current infrastructure, enabling the company to operate more efficiently, and yet still maintain an environment that is secure. The need for an update of information security is greatly needed in the ED at Jackson Purchase Medical Center. Though the ED is set aside for emergency situations, this is no excuse for a
Security Management Document 4 violation of the Heath Insurance Portability and Accountability Act (HIPAA) which protects the patients’ private health information. This act protects a patients’ private information, restricting who can have access to the medical records. In addition to the doctors and nurses that are providing care for the patients, various registrars also have access to this information. Often times in the ED, the registrars are the first point of contact that a patient sees who has full access to their records. To ensure public health and safety, HIPAA also recognizes other various authorities to have access to personal medical files. These can include public health authorities, such as the Centers for Disease Control and Prevention (CDC), foreign government agencies in collaboration with a public health authority, and any persons that may be in risk of spreading or contracting a disease ( Office for Civil Rights BULLETIN: HIPPA Privacy in Emergency Situations , 2014). There are numerous risks to information security at the Jackson Purchase Emergency Department due to the fact that it is such a high-volume traffic area. With the lack of medical facilities available to patients in the evenings and on weekends, most of these patients end up in their local emergency room. This tends to make the ED one of the most stressful and challenging areas in any hospital. Not only are the nurses and registrars challenged to ensure that all patient information is secure, they are also hidden security dangers that can come in the form of the individuals that come into the ED. Some of these risks are as follows ( Solving Emergency Department Security Challenges, 2020): Patients or visitors who are under the influence of drugs or alcohol. The circumstances that can arise from victims of gunshot wounds and/or gang violence. Patients suffering from mental health behaviors.
Security Management Document 5 Domestic violence patients who are followed into the ED by their abusers. Patients escorted into the ED by law enforcement officials. The ED can benefit from a new update of the security posture by implementing access controls that would limit the access of emergency patients from other parts of the hospital, keeping the ambulance entrance separated from the walk-in entrance and waiting room, providing a security staff to provide protection to the registrars, nurses, and other care providers, and having a rapid lockdown program in place in the event of emergencies ( Solving Emergency Department Security Challenges, 2020). On-Site Consultant Challenges While on-site consultants can bring their knowledge and expertise to a project such as this, their agenda oftentimes does not match that of the hospital staff that they are consulting. Because the consultant’s behavior may be influenced and driven by a variety of motives, it can be challenging for them to work with project managers without conflict arising (Davidson, 2009). Although one of the biggest challenges when it comes to on-site consultants in the ED is that this department is almost always constantly busy. With the tasks of checking in patients, running back to get paperwork signed, taking payments, and filling out countless forms, there isn’t time to breathe, let alone have the time to sit down with a consultant to discuss changes to the company’s IPO. Company IPO Challenges As with any IPO taking place, this process can be extremely complex and be faced with multiple challenges for the company. According to Deloitte, here is a list of a few of the challenges that
Security Management Document 6 Jackson Purchase Medical Center will face with the recent IPO taking place ( IPO Challenges and Sarbanes-Oxley Readiness , n.d.): There can be poor planning involved on the part of the company in meeting the new regulations and requirements. The company may not have sufficient funds at their disposal in order to meet the financial requirements of the IPO. Jackson Purchase may not have leadership in place with the experience necessary to manage the IPO process. The company’s internal controls may be too weak in order to manage all of the complexities that the new IPO brings to the table.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help