CSEC630 Team Assig met iTrust

Introduction:
In today’s cyber environment everything is at society’s fingertips, and healthcare is no exception. Every organization, from hospitals to the local family doctor’s office, is realizing the cost savings and convenience of having a medical system in place that can store, track, audit, and maintain a patient’s history. Such technology is equally beneficial to patients, since searching for providers becomes much easier when logging into a medical portal allows the user to find specialists of all sorts without much hassle.
However, such a medical system must be designed, built, and deployed keeping a few things in mind, such as privacy, confidentiality, system availability and security. By ensuring …

We used the sum of values from Table #1 to prioritize the requirements that have the highest likelihood of being attacked. From a hacker’s point of view, requirement #2, find qualified licensed health care professional, is the easiest to attack based on the value points from each table. It is followed by the emergency responder requirement, which contains valuable information from database tables such as hospitals. An attack on this database can reveal a person’s medical history. The view access log was considered the third easiest requirement to attack because, although the information is sensitive, it does not reveal patients’ names or points of contact.
Table #3 allowed the team to prioritize the security risk from lowest to highest. Our findings and analysis led us to find that requirement #2 is the easiest to attack and has the highest security risk of all. This is very concerning from a cyber-security perspective because of the type of information that can be compromised by a breach, such as user data containing user IDs, passwords, and security questions (Williams, Gegick, & Meneely, 2009).
Table 3: Security Risk

| Requirement | Ease of Attack Points | Max Value of Asset Points | Security Risk | Rank of Security Risk |
|---|---|---|---|---|
| 1: Add role: emergency responder. | 40 | 100 | 4000 | 2 |
| 2: Find qualified licensed health care professional. | 100 | 100 | 10000 | 1 |
| 3: Update diagnosis code table. | 8 | 100 | 800 | 4 |
| 4: View access log. | 40 | 100 | 4000 | 2 |

Security management
