
Information Security and Assurance final

1. A major public consulting firm has been tasked with implementing an online patient care system that will enable a military medical facility to electronically provide military patients access to their medical records. The patients include both active and retired military personnel located throughout the world. Included in the system is a social network so patients could share information with each other and provide feedback to the medical facility.

a. Discuss and explain the potential security threats.

The medical information compiled by the military could be hacked by non-ally countries. If the database where the medical information resides is hacked or compromised, the safety of the military personnel and national security could be at risk. Stolen personal information could be exposed and used against them. Medical information could be used to target specific troop weaknesses. If the information is compromised internally, the medical data could be used to discriminate against or demote military personnel.

A natural disaster that impacts the datacenter where the application or data is held would be catastrophic. During a natural disaster, access to the medical information would be even more critical. Denial-of-service attacks that cause outages could be detrimental to troops' safety and well-being.

b. Identify the potential vulnerabilities of such a system and provide your rationale. - confidential

During the creation and implementation of the system, private medical information might be accessible by contractors and programmers during and after development. The medical information database could be more easily compromised because of the openness of the network and its worldwide availability. It would be more difficult to detect unauthorized user access based on IP address because of the global accessibility and the number of active duty and retired military personnel.

Another possible vulnerability is the datacenter and where the data and application portal are housed. A security breach of the medical records could be disastrous.

c. Describe relevant security approaches necessary to protect both the patients and the military organization responsible for maintaining the new system.

The military IT staff tasked with implementing and managing this application should require each user to provide high-level authentication. Every account defaults to inactive until the user registers. Password guessing and other unauthorized attempts to access an account would not be possible. When a user registers for the first time, they should be required to supply their social security number, rank, birthday, serial number, and enlistment year. Once the user enters the system, they are required to provide a strong alphanumeric password and are warned about the dangers of sharing the login data or medical information. The user's login IP address location could be limited to the United States and the region in the world where the military person is stationed or on duty. A redundant
