Choose a Case and Complete the Project Plan Hospital to Research (Kaiser Permanente) Select a hospital or health care organization as your case to research. Consider an organization you are familiar with or one for which you can find sufficient information. To maintain confidentiality, you do not need to mention the name of the organization. You can also refer to the Health and Human Services (HHS) site for organiza

1.     Choose a Case and Complete the Project Plan

Hospital to Research (Kaiser Permanente)

Select a hospital or health care organization as your case to research. Consider an organization you are familiar with or one for which you can find sufficient information. To maintain confidentiality, you do not need to mention the name of the organization. You can also refer to the Health and Human Services (HHS) site for organizations that have reported breaches. Also, read this cybersecurity field overview to consider different roles that may apply as you review your case.

Now that you have chosen a case, the next action is to establish how you will apportion the work. Use your team space to share ideas and publishs of each member’s contribution.

Conduct research to capture the organization’s infrastructure and processes, the threats to personal health information (PHI) and determine a strategy to mitigate the threats you anticipate. This research will go into the technical report (or white paper, nine to 10 pages excluding cover sheet, references, and any appendices). After the paper is written, you will create a one-page executive summary of the paper. It will be part of the technical report document, immediately after the cover sheet and before the text of the report.

  1. Create an Organizational Profile for Your Case

Now, it is time to research your chosen case to determine how the organization’s IT department operates, how it is structured, and how PHI is moved around the organization for stakeholders’ use. Next, review the materials in the links below to define and describe the hospital’s information system infrastructure.

It is important to understand the organization’s workflow `processes—how they move patient information to the business units that need to process and manage that information, from billing to physician care. All these organizations employ hardware and software within their information systems. It is critical to understand these components, termed a “typology,” and how the components are connected so that appropriate security is put in place to protect sensitive information.

Your research should provide examples of how an information system is connected to cybersecurity components, like firewalls in the information system and network. Be sure you understand the benefits and weaknesses of your case’s network topology.

Your definition of the organization’s typology should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources.

The table below provides a focus for your search strategies. You should consult scholarly resources as well as online resources, newspapers, websites, and IT blogs for similar contemporary cases.

Topics to Address in the Organizational Profile

  1. Describe the organization and structure. The structure will include the different business units and their functions. You may use an organizational chart to provide this information.
  2. Define information security needs to protect mission-critical systems. Choose one or more mission-critical systems of the health care organization. Define the information protection needs for the organization’s mission-critical protected health information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organization’s information needs.
  3. Define the workflows and processes for the high-level information systems that you have just identified.Workflows and processes for health care organizations define how the organization gets its work done.
  4. Describe how the typology fulfills the needs of the health care organization.You may supply this information as a diagram with inputs, outputs, and technologies to define workflows and processes for the high-level information systems.

In the next step, you will consider threats to the organization’s information security and how to mitigate them.

  1. Develop Analysis of Threats to the Organization’s Information Systems Infrastructure

Now that you have defined the hospital’s information system infrastructure, you will have to learn about and demonstrate your understanding of the potential threats to those systems and the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access.

To complete this section of the report, start by reviewing the following resources:

Take what you learned about potential threats to assess the threat(s) to the hospital’s information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your organization’s data processing systems. Relate these threats to the vulnerabilities in the CIA triad.

Your report will also include a description of the purpose and components of an identity management system, to include authentication, authorization, and access control. Include a discussion of doctors’ use of laptop devices when they visit their patients at the hospital and need access to hospital PHI data. Review the following resources:

Next, expand your description by defining the types of access control management, to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multifactor authentication.

Topics to Address in the Description of Threats and Mitigation Strategies

  1. Describe potential threats to the organization’s critical mission areas. These may include sloppy information security practices, insider threats, or hackers wishing to steal personal data. Relate these threats to the vulnerabilities in the CIA triad.
  2. Describe how the organization restricts access to protect billing and PHI. Explain the organization’s processes and workflows to safeguard PHI, specifically the use of passwords, password management, and password protection in an identity management system.
  3. Define the access management system. What types of access control management, to include access control lists in operating systems, role-based access controls, files, and database access controls will it take to ensure that access is limited to those with a need to know?
  4. Define factor authentication systems. How do common factor authentication mechanisms, to include multifactor authentication practices, safeguard sensitive information for an organization like this?
  5. Discuss strategic considerations and provide recommendations. Review the mission and organization structure of your organization as well as roles within the organization, and recommend accesses, restrictions, and conditions for each role
  6. Discuss the manager’s risk considerations. What will happen if the CIO and the leaders do nothing and decide to accept the risks? Could the CIO transfer, mitigate, or eliminate the risks? What are the projected costs to address the risks?

Now, you are ready to start writing your technical report (white paper). The technical report will identify vulnerabilities in the information systems infrastructure of the health care organization, and identify risks to the organization’s data. Your paper will propose a way to prioritize these risks and propose remediation actions.

 

 

HelpHub
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Choose HelpHub

HelpHub

Quality Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

HelpHub

Qualified Writers

We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.

StudyAcer

Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account.

StudyAcer

On Time Delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. We will always strive to deliver on time.

StudyAcer

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text.

StudyAcer

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Help Hub

Place your order

Fill in the order form and provide all details of your assignment.

Help Hub

Proceed with the payment

Choose the payment system that suits you most.

Help Hub

Receive the final file

Once your paper is ready, we will email it to you.

HelpHub Writing Services

No need to work on essay at night. Sleep tight, we will cover your back. We offer all kinds of essay writing services.

HelpHub HelpHub

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

HelpHub HelpHub

Admissions

Admission Essays

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

HelpHub HelpHub

Editing

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

HelpHub HelpHub

Revision

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied.