Step 1: Defining the Information System Infrastructure
Select a hospital or healthcare organization to research. You may choose an organization you are familiar with or can readily obtain information about. To maintain confidentiality, you do not need to mention the name of the organization. You may also choose a hypothetical/fictitious healthcare organization.
Several healthcare organizations that have suffered major security breaches have been researched extensively by others.
You may incorporate what you find in your research into your definition of the workflows and processes for the high-level information systems, and explain how that topology fulfills the mission of the healthcare organization. Your definition should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition.
You may supply this information as a diagram with inputs, outputs, and technologies identified. Consider how you might restrict access and protect billing and PHI information.
You will include these definitions in your report.
Step 2: Threats
Now that you have defined the hospital’s information system infrastructure, you need to understand the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access.
To complete this section of the report, you’ll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Use what you learn from these resources to convey the threats to the hospital’s information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as they relate to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad.
This section of your report will also include a description of the purpose and components of an identity management system, including authentication, authorization, and access control. Include a discussion of the possible use of laptop devices by doctors who visit their patients at the hospital and need access to hospital PHI data. Review the content of the following resources. As you’re reading, take any notes you think will help you develop your description.
Next, expand upon your description. Define the types of access control management, including access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms, including multi-factor authentication.
You will include this information in your report.
You have successfully examined the threats to a healthcare organization’s information systems infrastructure. Now, you must begin your research into password cracking software. Do some quick independent research on password cracking as it applies to your organization.
Here are some resources that will help you complete the lab:
Provide any information related to the issue that you are experiencing and attach any screenshot that you may be able to produce related to the issue.
Additional Lab Support Information:
More lab-related self-help information is available if you register for CLAB 699, our free online graduate Cyber Computing Lab Assistance hub.
Registering for Cyber Computing Lab Assistance
After completing the lab, you will have successfully tested more than one password cracking tool. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. Compare the password cracking tools based on these characteristics, and include the comparison as part of your assessment and recommendations on the use of such tools. You will test the organization’s systems for password strength and complexity and complete validation testing. You will compare the results obtained from your first and second tool.
You have tested and compared the performance of various password cracking tools, and you have the data to support your recommendations for the use of such tools. The comparison will be part of your assessment and help you make recommendations on the use of such tools. You will test the organization’s systems for password strength and complexity and complete validation testing. You will compare the results across the various tools.
Include this information in your presentation.
Step 4: The Non-Technical Presentation
You now have the information you need to prepare your product for stakeholders. Based on the research and work you’ve completed in Workspace, you will develop two items: a technical report for the director of IT, and a nontechnical slide show presentation for the members of the board. You will tailor the language of your reports appropriately to the different audiences.
The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your presentation:
Step 5: The Technical Report and Executive Summary
The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization’s data. You will propose a way to prioritize these risks and include possible remediation actions.
The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. Review the mission and organization structure of this healthcare organization. Review the roles within the organization, and recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format as part of your list of recommendations.
Provide a comparison of risk scenarios to include the following:
Provide an overall recommendation, with technical details, to the director of IT.
The executive summary: In addition to your technical report, also create a nontechnical report as an executive summary.
The deliverables for this project are as follows:
Submit your deliverables to the assignment folder.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.