Task 2

1. Describe the business objectives being developed in the case study for the organization.


The business objective of the Healthy Body Wellness Center's (HBWC) Office of Grants Giveaway (OGG) is to promote improvements in the functionality of hospital grants. These grants work through federally supported research, information sharing and evaluation. The OGG further aims to automate its business functions and adopt new technologies so that hospital grant handling becomes more transparent and secure. This business objective supports the community's healthcare through improved technology functions.

2. Describe the guiding security principles based on the case study.


The case study focuses on the security management principles of CIA (Confidentiality, Integrity and Availability). The proposed Small Hospital Grant Tracking System (SHGTS) is suggested to be implemented while preserving the CIA functions. Confidentiality is the measure that ensures the secrecy of data; it protects data from unauthorized access. The proposed SHGTS is focused on securing the data, and mechanisms like encryption, access controls and steganography help to improve confidentiality. Integrity means protecting the reliability and correctness of the data. Integrity and reliability work together to deliver the output, so they are interconnected; to protect integrity, confidentiality must first be satisfied. Human errors, viruses and hackers are the most influential threat vectors for integrity. Availability is the most influential principle on which the case study is based. Availability cannot be achieved without fulfilling integrity and confidentiality correctly. Availability describes authorized users being able to access the systems in an uninterrupted manner; if legitimate users are unable to access the system, availability is violated.


3. Justify the organization’s business processes that should be included in the scope.

In the industry, three types of business process are described: operational processes, supporting processes and management processes. Of these, the organization should include the management business process in scope, since it measures the overall business procedures and activities. The management business process includes internal communications, governance, infrastructure, security, capacity management etc. Management business processes are further divided into three categories: the strategic plan, the tactical plan and the operational plan. The strategic plan is focused on long-term plans that extend up to 10 years, tactical plans are focused on short-term plans of around 1 year, and operational plans are focused on daily plans (Rouse, 2016). The proposed SHGTS system needs to adapt to the management business process to get the maximum outcome from the project.

4. Justify the information systems that should be included in the scope.

Information systems are described as efficient systems that consist of adequate processes and are built from various combinations of hardware, systems and networks. The proposed SHGTS can be considered one information system that is already implemented in the infrastructure. Moreover, CRM (Customer Relationship Management), transaction processing systems, ERP (Enterprise Resource Planning), knowledge management systems and business intelligence systems are also known as information systems. For the proposed scope, information systems like transaction processing systems and Enterprise Resource Planning systems should be included (Davoren, 2018). As the project deals with money, transaction processing systems will help to manage money transactions with better transparency and audit functions. The ERP system will help to manage the resources of the proposed environment effectively; resource management is a must for any environment to be efficient. Implementing these additional information systems will help to improve the efficiency and effectiveness of the proposed concept.

5. Justify the IT infrastructure that should be included in the scope

Even though the hardware in the infrastructure is limited, several critical perimeter-level protections need to be included. Users log in to the system via RAS over a VPN, but proper access authentication is not mentioned. So two-level authentication should be implemented for the VPN, such as VPN access tokens. VPN access tokens are a good way to ensure that access is properly authorized. Further, firewall-level protection is needed in the infrastructure to protect the system from unwanted traffic.
The data flow of the proposed project will be as follows: users log in to the RAS via a VPN connection over the internet. Users authorized through the VPN then log in to the Access database and perform their functions. Granting or denying a proposal can be done by users according to their user access level. Executives can review or approve the changes made by users.

B. Recommend additional steps to address the identified risks in the case study that the organization would need to take to implement the ISMS plan.

The infrastructure of the SHGTS system does not have properly implemented security features to protect it from modern risks. Modern information security risks include advanced persistent threats, ransomware, injection, botnets, DDoS etc. The existing firewalls and other systems do not provide this protection. The older software should be upgraded to the current version to reduce the risks. Access 97 is a very vulnerable version compared to Access 2016, so the Access database should be changed; further, they can move the database to a more secure database model such as Oracle, SQL Server etc. The host computers need to be installed with an updated anti-virus solution and updated operating systems with current patches. Unnecessary ports on the servers need to be closed to ensure protection from outside threats. An IPS (Intrusion Prevention System) can be an ideal way to prevent attacks (Mondal, 2017); it may cost, but it is worth implementing. The servers should be hardened to comply with industry standards such as HIPAA (Health Insurance Portability and Accountability Act). Periodic audits can ensure the process is properly maintained.

References

Davoren, J. (2018). Types of Information Systems in an Organization. Retrieved from http://smallbusiness.chron.com/types-information-systems-organization-43097.html
Mondal, C. (2017). Difference between IDS, IPS, and Firewall? Is it possible to configure a firewall as an IDS? Retrieved from https://www.linkedin.com/pulse/difference-between-ids-ips-firewall-possible-mondal-ceh-jncia-/
Rouse, M. (2016). What is business process? - Definition from WhatIs.com. Retrieved from https://searchcio.techtarget.com/definition/business-process
