Task 2
1. Describe the business objectives being developed in the case study for
the organization.
The business objective of the HBWC (Healthy Body Wellness Center) Office of Grants Giveaway (OGG) is to promote improvements in the functionality of hospital grants. The grants operate through federally supported research, information sharing and evaluations. The OGG further aims to automate its business functions and adopt new technologies so that hospital grants become more transparent and secure. This business objective supports community healthcare through enhanced technology functions.
2. Describe the guiding security principles based on the case study.
The case study is focused on the security management principles of CIA (Confidentiality, Integrity and Availability). The proposed Small Hospital Grant Tracking System (SHGTS) was suggested to be implemented in a way that preserves the CIA functions. Confidentiality is the measure that ensures the secrecy of data: it protects data from unauthorized access. The proposed SHGTS is focused on securing the data, and mechanisms such as encryption, access controls and steganography help to improve its confidentiality functions. Integrity means protecting the reliability and correctness of the data. Integrity and reliability work together to deliver the output, so they are interconnected. Confidentiality must be in place before integrity can be protected. Human error, viruses and hackers are the most influential threat vectors for integrity. Availability is the most influential principle on which the case study is based. Availability cannot be achieved without first fulfilling integrity and confidentiality correctly. Availability describes authorized subjects being able to access the systems in an uninterrupted manner; if legitimate users are unable to access the system, availability is violated.
3. Justify the organization’s business processes that should be included in
the scope.
The industry describes three types of business process: operational processes, supporting processes and management processes. Of these, the organization should include the management business process in scope, since it measures the overall business procedures and activities. Management business processes include internal communications, governance, infrastructure, security, capacity management and so on. The management type of business process is divided into three categories: the strategic plan, the tactical plan and the operational plan. The strategic plan is focused on long-term plans extending up to 10 years, tactical plans are focused on short-term plans of around 1 year, and operational plans are focused on daily plans (Rouse, 2016). The proposed SHGTS system needs to be aligned with the management business process to get the maximum outcome from the project.
4. Justify the information systems that should be included in the scope.
Information systems are described as efficient systems that consist of adequate processes and are built from various combinations of hardware, systems and networks. The proposed SHGTS can be regarded as one information system that is already implemented in the infrastructure. Moreover, CRM (Customer Relationship Management), transaction processing systems, ERP (Enterprise Resource Planning), knowledge management systems and business intelligence systems are all recognized types of information system. For the proposed scope, transaction processing systems and Enterprise Resource Planning systems should be included (Davoren, 2018). As the project deals with money, a transaction processing system will help to manage monetary transactions with better transparency and audit functions. The ERP system will help to manage the resources of the proposed environment effectively; resource management is a must for the efficiency of any environment. Implementing these additional information systems will help to improve the efficiency and effectiveness of the proposed concept.
5. Justify the IT infrastructure that should be included in the scope
Even though the hardware in the infrastructure is limited, several critical perimeter-level protections need to be included. Users log in to the system via RAS over a VPN, but proper access authentication is not mentioned. Two-level authentication should therefore be implemented for the VPN, such as VPN access tokens. VPN access tokens are a good way to ensure the access authorization functions are secure. Further, firewall-level protection is needed in the infrastructure to protect the system from unwanted traffic.

The data flow of the proposed project will be as follows: users log in to the RAS via a VPN connection over the internet. Authorized VPN users then log in to the Access database and perform their functions. A proposal can be granted or denied by users according to their user access level, and the executives can review or approve the changes made by users.
B. Recommend additional steps to address the identified risks in the case
study that the organization would need to take to implement the ISMS plan.
The infrastructure of the SHGTS does not have properly implemented security features to protect it from modern risks. Modern information security risks include advanced persistent threats, ransomware, injection, botnets, DDoS and so on, and the existing firewalls and other systems do not cover this protection. The older software should be upgraded to current versions to reduce the risks. Access 97 is a very vulnerable version compared to Access 2016, so the Access database should be changed; further, the database could be moved to a more secure database model such as Oracle or SQL Server. The host computers need to be installed with an updated anti-virus solution and updated operating systems with current patches. Unnecessary ports need to be closed on the servers to ensure protection from outsider threats. An IPS (Intrusion Prevention System) can be an ideal way to prevent attacks (Mondal, 2017); it may be costly, but it is worth implementing. The servers should be hardened to comply with industry standards such as HIPAA (Health Insurance Portability and Accountability Act). Periodic audits can ensure the process is properly maintained.
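One way to turn the "close unnecessary ports" recommendation into a repeatable check is to compare a server's listening sockets against an allowlist. The script below is an added example, not part of the case study or the SHGTS project; it assumes an allowlist of HTTPS (443) and the VPN listener (1723), and parses a constructed sample in the format of `ss -H -tlnp` instead of live output.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -H -tlnp` output (not from a real SHGTS host).
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("httpd",pid=1201,fd=4))
LISTEN 0 128 0.0.0.0:1723 0.0.0.0:* users:(("pptpd",pid=1350,fd=3))
LISTEN 0 50 0.0.0.0:445 0.0.0.0:* users:(("smbd",pid=900,fd=5))
LISTEN 0 128 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=410,fd=3))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=2001,fd=6))'

# Assumed allowlist for the server: HTTPS for the grant application and the VPN port.
ALLOWED_PORTS="443 1723"

# unexpected_listeners LISTENERS ALLOWED
# Prints "port process" for every socket bound to a non-loopback address whose
# port is not in ALLOWED. Loopback-only services are not reachable from outside
# the host, so they are skipped.
unexpected_listeners() {
    printf '%s\n' "$1" | while read -r state rq sq local peer proc; do
        [ -n "$local" ] || continue
        port=${local##*:}
        addr=${local%:*}
        case "$addr" in 127.*|'[::1]') continue ;; esac
        case " $2 " in *" $port "*) continue ;; esac
        name=${proc#*\"}      # strip up to the first quote of users:(("name",...
        name=${name%%\"*}     # keep the process name only
        printf '%s %s\n' "$port" "$name"
    done
}

# audit_host: returns 1 when anything off the allowlist is listening, else 0.
audit_host() {
    out=$(unexpected_listeners "$SAMPLE_LISTENERS" "$ALLOWED_PORTS")
    if [ -n "$out" ]; then
        printf 'Unexpected listeners to close or firewall:\n%s\n' "$out"
        return 1
    fi
    echo "All listeners are on the allowlist."
    return 0
}
```

On a real host, replace SAMPLE_LISTENERS with the output of `ss -H -tlnp` and run the audit from a scheduled job so the periodic audits mentioned above include the port check.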
References
Davoren, J. (2018). Types of Information Systems in an Organization. Retrieved from http://smallbusiness.chron.com/types-information-systems-organization-43097.html
Mondal, C. (2017). Difference between IDS, IPS, and Firewall? Is it possible to configure a firewall as an IDS? Retrieved from https://www.linkedin.com/pulse/difference-between-ids-ips-firewall-possible-mondal-ceh-jncia-/
Rouse, M. (2016). What is business process? Definition from WhatIs.com. Retrieved from https://searchcio.techtarget.com/definition/business-process