CST 610 UMUC Project 1 Information Systems and Identity Management Paper | Abc Paper

1) Transfer content in the attached power point slides to the attached power point template with umuc background.
2) Reword the attached word document for plagiarism.
– Do not change the headings and context
– Format the paper to look like a real business document
– Redesign the image in the document
3) Reword and format the executive summary
cst610_dfc610_p1_slide_template.pptx

cst_610_project_1_information_systems_and_identity_management.pptx

project_1_reword.docx

exective_summary.docx

Unformatted Attachment Preview

Executive
Presentation Slides
(8-10 slides)
[Cindy Cyber]
Cyberspace and Cybersecurity Foundations
Mission Critical Systems
Key Threats and Risks
Key Recommendations
References
Every presentation should have a reference slide for the
citations used.
Carter, S. (2016). The sky is almost always blue. Library
of Congress: Washington, DC
S. Carter (personal communication, October 20, 2016).
Virsigns (2014). Retrieved October 20, 2016 from
www.virsigns.com
Extra Slide Examples
• The following slides are extra, to be used if needed
• Delete ALL extra slides if they are not used
• Additional heading
Two Column Paragraph Style 1
Column 1
Column 2
Two Columns with Picture 1
Column 1
Column 2
Figure 1. 60th Birthday Party Decoration (Virsigns, 2014)
Three Column Paragraph Style 1
Column 1
Column 2
Column 3
APA Presentation Images and Tables
Figure 1. 60th Birthday Party Decoration (Virsigns, 2014)
Name              Military Service   Years
Stephanie Carter  US Army            20 years
JD Carter         US Navy            5 years
Table 1. Military Service. Retrieved from personal communications with S. Carter (2016)
ABC MEDICAL
INFORMATION SYSTEMS REVIEW AND RECOMMENDATIONS
INFORMATION SYSTEMS OVERVIEW
• Fully redundant medical billing system
• Mobile device requirement for doctors and nurses
• Desktop computer requirement for back office workers
BUSINESS UNITS
• Health Service Unit (doctors, nurses)
• Patient Support Unit (intake specialists, appointments, billing)
• Facilities and Maintenance (custodial staff, grounds crews)
MISSION CRITICAL SYSTEMS
Fully redundant medical billing software
Utilizes encrypted connections (HTTPS)
Role based access (RBAC)
Designed with CIA Triad in mind
CURRENT SECURITY POSTURE
[Chart: Password Complexity, Role Based Access, and Network Access Control, each rated Adequate or Not sufficient]
ROLE BASED ACCESS
• Current access controls utilizing RBAC prevent unauthorized access to information
• Doctors and Nurses can view and edit patient care records
• Billing staff can not view or edit patient care information.
PASSWORD COMPLEXITY
The easiest to solve and the biggest threat
+ Increase password complexity to enforce 8
character minimum, one capital letter, one number,
and one special character
+ Purchase two factor authentication system (2FA)
NETWORK ACCESS CONTROL
Harder to implement and lower risk
+ Still a high priority
+ Stop rogue access to network
THREATS
• Passwords get compromised
• Unauthorized access to the internal network over wifi
CONCLUSION
01 Implement stronger password requirements
02 Purchase two factor authentication
03 Purchase network access control
Information Systems and Identity Management
Student
institution
Information Systems and Identity Management
A functioning information system depends on its infrastructure, which comprises
software, hardware, telecommunications networks, and databases. That infrastructure must
support responsive change, particularly after a cyber-attack, with company readiness and
procedures managed by various experts to prevent such an attack from recurring (Zwass, 2016).
The focus of this study is to analyze the information system’s structure and infrastructure:
the organization identifies its mission-critical system and the multiple threats to the
information systems infrastructure, devises a plan to avoid those threats, and implements the
proposed recommendations so that the organization works well. The use of password cracking
tools for ethical purposes is discussed as well. An organization needs them for legal
issues or to recover forgotten passwords for security purposes.
Information Systems Infrastructure
The chart below explains the organizational structure of Medicare for All Health Center,
which is based on two main structures, Administrative Operations and Information Efficacy, with
the information center storing all the data of each healthcare unit.
Recent trends have healthcare centers running their information centers as a separate entity
headed by experienced personnel, which further divides the departments to work separately to
provide assistance, technical services, and information services to the departments and end
users that require them. Information efficacy requires the increased use of computers to
enhance coordination and support professional services and information technology. Among
business units, like pharmacy and a business strategy, which could function in hospitals, the
staff of the Health Center can coordinate by working towards effective clinical and management skills.
Mission critical system
Encryption software for the electronic health records of patients is mission critical. Encryption
software is vital in organizations that store sensitive information.
Computerized physician order entry (CPOE) is the process of a medical professional
entering medication orders or other physician instructions electronically instead of on paper
charts. It helps reduce errors related to poor handwriting or transcription of medication orders.
(Rouse, 2014)
It is also essential for protecting health information by restricting access to just physicians
and nurses, which avoids delays of the entire system, especially in medication orders and delivery.
The CPOE software should be used to limit access to only physicians, nurses, and authorized staff.
Every user should have an individual password, as the software is password protected, to have
accountability in case of a breach.
Current Security Posture
At Medicare for All Health Center, various authorization and authentication controls are
implemented in the information systems, which allow the flow of data containing medical
records, billing, user accounts, etc., as well as a directory that identifies and stores integrated
information and transfers the data received to identity management.
OSI Model
The Open Systems Interconnection (OSI) model consists of 7 layers, each of which handles
data differently from the others. The unit in which a particular layer processes
data is called a Protocol Data Unit (PDU). Some layers add layer-specific information to the data,
which can be in the form of a header, a trailer, or both. The header information is added at the start
of the PDU, while the trailer information is added at the end of the PDU. This header or trailer
contains information that is useful in controlling the communication between two entities.
(Alani, 2014)
TCP/IP protocol
TCP (Transmission Control Protocol) is the communication protocol that connects hosts
to the internet and also manages the transmission of data between installed applications in
information system hardware. It has a standard procedure for transmitting data over networks
with minimal to no breach, and the Internet Protocol (IP) deals with transferring data between the
host computers in the information system.
Network protocols
The Network protocol used by Healthcare Information systems is called Ethernet. Its
open system allows connected hardware to transmit data and listen to a common communication
channel within the network before sending on the network. (Kamal, 2008)
THREATS
Recently, the vulnerabilities within the CIA triad at Medicare For All Health Center have
been with confidentiality. The recent breaches of our system showed that an authorized user was
negligent with patients' sensitive information, which led to a violation by an
unauthorized user.
Insider Threat
Insider threats are considered to be very severe to an organization, because staff and
employees have access to the information system. Former employees and staff can also be a
threat, depending on the circumstances of their departure. Sensitive data can be altered
and stolen within the organization, which should lead to precautionary tactics, e.g. an access
log, to prevent such a situation. Organizations need to keep in mind and implement security
policies that best protect their intellectual property because, within an organization, the employee
population is the source of potential malicious insiders. (Carnaghan, n.d.)
Intrusion Motive
Intrusion motives may vary within the healthcare information system. Financial intrusion
motives could stem from gaining access to various patient social security numbers, which could
then lead to credit cards being opened up in the patient’s name or something else detrimental to
their identity.
Hacker Psychology
A hacker’s motive is usually straightforward, yet it varies; to protect sensitive data and to
keep hackers from getting into the system, it is important to understand their motivation.
Spoofing could be used in the form of fake email links and websites to gain access and steal
confidential information on patients or the organization itself.
Identity Management
Medicare for All Health Center applies an identity management process that utilizes
biometric technologies to manage information about the identity of users. The purpose of identity
management is to prevent unauthorized users and to manage identities and credentials. Biometric
methods do not guarantee absolute precision and may be deficient, as there is always a
chance that a biometric system may incorrectly refuse to authenticate the legitimate user or
wrongly accept imposters. (Jovanović et al., 2016)
Authentication
Authentication and authorization are essential for both internal and external users to gain
access to the computer system. The identity management system has to define some access controls
for users, e.g. the need for a username and password before gaining access to the medical system.
Password Management and Protection
Users are allowed to create their own password to have access to multiple systems. Each
user having their own password makes for better password management, as the user will be
responsible for protecting it. Password protection is essential, so it is advised to create stronger
passwords to make it very difficult to impossible for hackers to gain access.
Multifactor Authentication
Multifactor authentication is highly recommended to increase the security of the healthcare
information system, as it requires a second authentication to fully confirm the identity of an
authorized user. Single Sign-On (SSO) is very susceptible to a breach because it is authentication
that allows a user to access one or more resources within a single security domain: with SSO, a
client logs in once to gain access to different resources connected to a local area network (LAN),
without the need to re-enter log-in credentials. (Jovanović et al., 2016)
Authorization
The identity management system authorizes specific users based on their attributes and
identity while limiting the amount of access to be granted. The access control installs the identity
management systems to manage information, future authentication, and authorization requests of
an authorized member.
Access Control
Access control refers to the enforcement mechanism for the required security, which
bases access controls on physical attributes, sets of rules, and lists of individuals’ identities
(Saxena & Bong Jun, 2015). Access control gives the healthcare management the authentication and
authorization to provide security solutions to protect healthcare data.
Role-based Access Control
The role-based access control is managed by a central authority that determines what
permissions subjects are given according to their roles. These access controls can be used in a
computer or network to restrict or allow access based on a variety of criteria, e.g. users in the
same role tend to have the same job functions, responsibilities, and duties associated with them.
(Stallings & Brown, 2008)
Password Cracking Tools
Cain & Abel and Ophcrack were the two password cracking tools used. The Brute force
and Dictionary techniques were applied in the Cain & Abel software, while Ophcrack had a
“crack” option to solve the password. The benefit of password cracking tools is that a
forgotten password can be recovered at less of a security risk and changed once cracked. A risk
of password cracking tools is that they might be susceptible to insider threat and then be used
unethically, so it is advisable to allow only authorized staff to have access to the password
cracking tool.
Password Cracking Tools
Ophcrack was quicker and recovered more passwords than Cain & Abel. All the
passwords Ophcrack recovered were recovered in under one minute; for Cain & Abel it took about
an hour to attempt to recover all accounts except Xavier, which took 30 seconds. The estimated
time left for the rest of the user accounts was, for example, 6.79047e+010 years for Mouse, which
was the longest among the other user accounts.
The passwords recovered by Ophcrack were recovered at the same time. The passwords
were not complicated; they all were relative to the user name. The four types of character set
are lower-case letters (abc), upper-case letters (ABC), digits (123), and special characters
(@#$). A strong password has a minimum of 12 characters, with at least one from each character
set. I believe password policies should require users to change their passwords every 60-90 days.
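The policy in the paragraph above (12 characters, all four character sets, 60-90 day rotation, and no passwords related to the user name) can be expressed as an automated check. This is an added example, not part of the original paper; the substitution table, the matching logic for the user-name rule, and the sample passwords are assumptions constructed for illustration, while the account names Xavier and Mouse come from the paper.

```python
import math
import re

# The four character sets named in the paper.
CHARSETS = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}
MIN_LENGTH = 12     # minimum length stated in the paper
MAX_AGE_DAYS = 90   # upper end of the paper's 60-90 day rotation window

# Assumed list of common letter look-alikes (0 -> o, 1 -> i, 3 -> e, ...).
_LOOKALIKES = str.maketrans("0134578@$!", "oieastbasi")


def _normalize(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_LOOKALIKES))


def policy_violations(username, password, age_days=0):
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CHARSETS.items():
        if not pattern.search(password):
            problems.append(f"no {name} character")
    user, pw = _normalize(username), _normalize(password)
    # The recovered passwords in the paper were all related to the user name.
    if user and (user in pw or user[::-1] in pw):
        problems.append("derived from the user name")
    if age_days > MAX_AGE_DAYS:
        problems.append(f"older than {MAX_AGE_DAYS} days")
    return problems


def search_space_bits(length, alphabet_size=95):
    """Exhaustive-search work in bits for a random password (95 printable ASCII)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample accounts; the passwords are invented for this example.
    samples = [("Xavier", "xavier1", 10), ("Mouse", "M0use!Trap#2024", 10),
               ("Mouse", "Lantern-47-quiet-Ridge", 120)]
    for user, pw, age in samples:
        print(user, policy_violations(user, pw, age) or "compliant")
    print(f"8 chars: {search_space_bits(8):.1f} bits, "
          f"12 chars: {search_space_bits(12):.1f} bits")
```

The second sample meets the length and character-set rules yet still fails, which is the case the complexity rules alone miss; the bit counts apply only to randomly chosen passwords.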
Pros
• Logging in isn’t complicated with the same username and password for each computer.
• Employees will have easy access and are less likely to forget the username and password.
Cons
• Hackers have it easier because only one username and password will be required and
there will be multiple computers to choose from; all they would need is an empty
computer space.
• Insider threat heightens, and it will be difficult to hold an employee accountable for a
breach.
RECOMMENDATIONS
1. Having surveys for the patients, regarding their experience while at the hospital, can
improve our information systems, increase our quality of care for the incoming patients
and give us a general vision of how the hospital is relating and being productive towards
its patients.
2. Vulnerability scans should be run on the systems daily; keep track of the user accounts and
passwords as they reach their recommended change time, install software patches, and keep
the malware protection up to date.
3. Insider threats can be avoided by performing surveys amongst the employees and
staff members as well, to get a picture of how they might be relating to one another and
how they’re dealing with work-related issues. Regular operating system evaluations are
necessary too.
CONCLUSION
Medicare for All Healthcare Center must make use of high-standard information technology
systems that keep healthcare information systems up to the required standard. Securing and
operating information and addressing threat concerns require compliance from employees and staff.
Medicare for All Healthcare Center has to keep working on implementing vital operations and
measures to help their patients and boost productivity and security as an organization.
REFERENCES
Alani, M. M. (2014). Guide to OSI and TCP/IP models. Retrieved from
http://eds.a.ebscohost.com.ezproxy.umuc.edu
Carnaghan, I. (n.d.). Motivation and Intent of Hackers, Cybersecurity.
Jovanović, B., Milenković, I., Sretenović, M. B., & Simić, D. (2016). Extending identity
management system with multimodal biometric authentication. Computer Science & Information
Systems, 13(2), 313-334. doi:10.2298/CSIS141030003J Retrieved from
http://eds.a.ebscohost.com.ezproxy.umuc.edu/
Kamal, R. (2008). Lesson-25: Ethernet Protocol, DEVICES AND COMMUNICATION BUSES
FOR DEVICES NETWORK, McGraw-Hill Education.
Rouse, M. (2014). Computerized Physician Order Entry (CPOE), SearchHealthIT.
Retrieved from http://searchhealthit.techtarget.com/definition/computerized-physician-order-entry-CPOE
Saxena, N., & Bong Jun C. (2015). Authorization and Access Control in the Smart Grid (SG)
Network, State of the Art Authentication, Access Control, and Secure Integration in Smart Grid,
Energies.
Stallings, W., & Brown, L. (2008). Computer security: Principles and practice, lecture slides,
access control. From KU Electrical Engineering and Computer Science. Retrieved from
http://www.slidefinder.net/c/ch04/24740286/p2
Zwass, V. (2016). Information Systems, Encyclopædia Britannica.
Retrieved from https://www.britannica.com/topic/information-system/Information-system-infrastructure-and-architecture