I. Technical Report: (6-7 pages)
Write the report assuming the audience of this report is the IT leadership of your hypothetical hospital/organization. Perform further research (outside of the course material) as needed. Consider the following outline to help you organize your report. Keep in mind that charts/diagrams/graphs/figures enhance your message. Hints are included in red.
- Title Page
- Purpose (Discuss the need to present this technical report to the IT management of your organization and the purpose for it.)
- Information System Infrastructure (Provide an overview of your hospital/organization; consider the use of diagrams/charts.)
  a. Organizational Structure and Business Units
  b. Mission Critical System
    i. System Description
      - Network (include a diagram; it can be real or hypothetical)
    ii. CIA of PHI (Describe how the system protects the CIA of PHI, including how your current antivirus detects malware and how that contributes to the CIA of PHI.)
- Threats (Discuss the threats your hospital may be exposed to.)
  a. Web security
  b. Insider Threat
  c. Intrusion Motives
  d. Hacker Psychology
- Vulnerabilities to IM (Discuss the organization's vulnerabilities as related to your hospital IM. Step 3-4 ELM)
  a. Identity Management
    iii. Access Control Management (Discuss access control management based on roles. What are the various roles for the people working at hospitals? Discuss access, restrictions and conditions for each role. Summarize this in tabular format.)
- Identity Management Protection
  a. Importance of Strong Passwords
  b. Password Cracking Tools
- Product Comparative Analysis (Consider using tabular format to compare both products based on the criteria below.)
  a. Compare/contrast both products (i.e., Cain and Ophcrack)
    i. Type of attacks
      - Brute Force
      - Length to crack a password
      - Password strength
- Handling Risk (Discuss the meaning of each option and explain to your company the consequences of various scenarios as described in Step 5.)
  a. Accept risk
  b. Transfer risk
  c. Mitigate risk
  d. Eliminate risk
- Recommendations (Based on your lab experience and what you have learned, provide a summary of your recommendations to your organization. Make this section very clear, e.g. Recommendation 1, Recommendation 2, etc.)
II. Non-Technical Presentation (8-10 slides)
- Title Slide
- Hospital Overview
  a. Business Units
  b. Mission Critical System (I highly suggest a diagram)
- Current Security Posture (List at least one thing they are doing right)
- Current Access Controls
- Current Vulnerabilities/Threats/Risks
- Product Comparison
- Reference Slide
III. Executive Summary (2-3 pages not including title/reference page)
- Title Page
- Executive Summary (Summarize your report at a very high level. Essentially, you are summarizing your technical report in one to two pages. State the main recommendations. This is the page most leaders of an organization read in order to find out the overall message of your report.)