User Account

All Pages

Are there possible ways the cio can transfer the risks

Assignment Help Management Information Sys
Reference no: EM131347064

Assignment

Daily life requires us to have access to a lot of information, and information systems help us access that information. Desktop computers, laptops, and mobile devices keep us connected to the information we need through processes that work via hardware and software components. Information systems infrastructure makes this possible. However, our easy access to communication and information also creates security and privacy risks. Laws, regulations, policies, and guidelines exist to protect information and information owners. Cybersecurity ensures the confidentiality, integrity, and availability of the information. Identity management is a fundamental practice. Part of identity management is the governance of access, authorization, and authentication of users to information systems, Identity management is one part of a layered security defense strategy within the information systems infrastructure. Your work in this project will enable you to produce a technical report and nontechnical presentation that addresses these requirements.
There are six steps that will lead you through this project to create your final deliverables. You should complete Project 1 during Week 1. After beginning with the workplace scenario, continue to Step 1: "Defining the Information System Infrastructure," which builds upon the problem presented in the scenario.

When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
• 2.3: Evaluate the information in logical manner to determine value and relevance.
• 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
• 6.2: Create a roadmap for organizations to use in development of an IMA program (to address gaps in their current offerings).

Step 1: Defining the Information System Infrastructure

The director of IT and the members of the board would like an as-is definition of the information system infrastructure of a healthcare organization. You will begin your report with this background description. You will provide the following information in your review of the current information systems infrastructure:

1. Choose and research a healthcare organization, noting its organization and structure. Define the healthcare organization's structure and identify the different business units and their functions. You may use a variety of methods to provide this information, such as an organizational chart.

2. Choose one or more mission critical systems of the healthcare organization. Define the information needs, as they relate to the organization's mission critical Protected Health Information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organizational information needs.

3. Define the workflows and processes for the high-level information systems. Your definition should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition.

o Information systems hardware
o Information systems software

You may supply this information as a diagram with inputs, outputs, and technologies identified. Consider how you might restrict access and protect billing and PHI information.

4. The links shown below provide access to essential information you'll need to complete this part of the hospital's information system infrastructure definition. Click each link, review its resources, and refer to them as you compose this part of the definition.

o Open Systems Interconnections (OSI) Model
o TCP/IP protocols
o network protocols

You will include these definitions in your report.

Step 2: Threats

Now that you have defined the hospital's information system infrastructure, you will cover the web security and threats the system faces and introduce identity management as a solution.

To complete this section of the report, you'll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Take what you learned from these resources to convey the threats to the hospital's information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad.

This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control. Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Review the content of the following resources. As you're reading, take any notes you think will help you develop your description.

1. Authorization
2. Access control
3. Passwords
4. Multi-factor authentication

Next, expand upon your description. Define the types of access control management to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multi-factor authentication.

You will include this information in your report.

Step 3: Password Cracking Tools

Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom to complete this project, you must register for CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and trained to help you.

Click here to access the Project 1 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use.

You have successfully examined the threats to a healthcare organization's information systems infrastructure. Now, you must begin your research into password cracking software. Start by experimenting with the password cracking tools available to you in the lab. Enter Workspace and complete the lab activities related to authentication and password recovery/cracking. Do some quick independent research on password cracking as it applies to your organization.

Step 4: Comparing Software

Note: You will utilize the tools in Workspace for this step.

You have successfully tested more than one password cracking tool. Compare them. Not all password cracking tools will necessarily perform with the same speed, precision, and results, making it important to test a few different products. The comparison will be part of your assessment and help you make recommendations on the use of such tools. You will test the organization's systems for password strength and complexity and complete validation testing. You will compare the results obtained from your first and second tool.

1. Read this article about cyberattacks, perform two different types of cyberattacks in the first, and in the second tool, crack user account passwords. Describe them in simple nontechnical terms for the leadership. You can identify which tool is the most effective and why for your organization's IT environment

2. Compare and contrast the results from the two methods used to crack the accounts for the three passwords (each encrypted by the two hash algorithms). Show their benefits. You can make certain conclusions that help your company's cybersecurity posture after using these methods.

3. Explain to the director of IT and the members of the board that the healthcare organization's anti-virus software will detect password cracking tools as malware. Also explain how this impacts the effectiveness of testing security controls like password strength. Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and presentation. If any of the tools take longer than 4-5 minutes to guess a password, record the estimated length of time the tool anticipates to guess it.

Include this information in your presentation.

Step 5: The Non-Technical Presentation

You now have the information you need to prepare your product for stakeholders. Based on the research and work you've completed in Workspace, you will develop two items: a technical report for the director of IT, and a nontechnical slide show presentation for the members of the board. You will tailor the language of your reports appropriately to the different audiences.

The nontechnical presentation: Your upper-level management team consists of technical and nontechnical leadership, and they are interested in the bottom line. You must help these leaders understand the identity management system vulnerabilities you discovered in password cracking and access control. They need to clearly see what actions they must either take or approve. The following are a few questions to consider when creating your presentation:

1. How do you present your technical findings succinctly to a non¬technical audience? Your technical report for IT will span many pages; but you will probably be afforded no more than 30 minutes or 8-10 slides for your presentation and the following discussion with leadership.

2. How do you describe the most serious risks factually but without sounding too temperamental? No one likes to hear that their entire network has been hacked, data has been stolen, and the attackers have won. You will need to describe the seriousness of your findings while also assuring upper-level management that these are not uncommon occurrences today.

3. How do your results affect business operations? Make sure you are presenting these very technical password cracking results in business terms upper-level management will understand.

4. What do you propose? Management will not only want to understand what you have discovered; they will want to know what you propose as a solution.

Step 6: The Technical Report and Executive Summary

The technical report and the nontechnical presentation will identify compromises and vulnerabilities in the information systems infrastructure of the healthcare organization, and identify risks to the organization's data. You will propose a way to prioritize these risks and include possible remediation actions.

The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. After you have defined the roles within the organization, recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format, as part of your list of recommendations.

Provide a comparison of risk scenarios to include the following:

1. What will happen if the CIO and the leadership do nothing, and decide to accept the risks?
2. Are there possible ways the CIO can transfer the risks?
3. Are there possible ways to mitigate the risks?
4. Are there possible ways to eliminate the risks?
5. What are the projected costs to address these risks?

Provide an overall recommendation, with technical details to the director of IT.

The executive summary: In addition to your technical report, also create a nontechnical report as an executive summary.

The deliverables for this project are as follows:

1. Nontechnical presentation: This is a 8-10 slide PowerPoint presentation for business executives and board members.

2. Technical report: Your report should be a 6-7 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations.

3. Executive summary: This should be a 2-3 page double-spaced Word document.

4. In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.

Verified Expert

This assignment is management of information system infrastructure of a healthcare organization. In this assignment a technical report and a non technical presentation is prepared which include information system infrastructure of a healthcare organization. Threats, Password Cracking Tools, software comparisons are also included in this report. Recommendations for access control and authentication mechanisms to increase the security within the identity management system are also included in this report.

Reference no: EM131347064

Questions Cloud

Explain the scorecards advantages and disadvantages : Explain the scorecards' advantages and disadvantages? Explain how the scorecard can be applied specifically to information technology?
Determine the stagnation pressure and temperature : Air flows in a circular tube with a velocity of 275 ft/s at a temperature of 103°F and a pressure of 175 psig. Determine its stagnation pressure and temperature.
Determine the isentropic stagnation temperature : Determine the isentropic stagnation temperature and pressure of the steam by Assuming steam to be an ideal gas.
Analyze the multi-national and global aspects of the article : Analyze the multi-national and global aspects of the article - what is the impact or what is the importance of the information in the article?
Are there possible ways the cio can transfer the risks : Are there possible ways the CIO can transfer the risks? Are there possible ways to mitigate the risks? Are there possible ways to eliminate the risks? What are the projected costs to address these risks?
What is the percentage of learning at emerson : Using the learning curve equation for these labor costs, log C = 3.30755 - 0.28724 log Q, calculate the estimated cost of the 200th unit of output. What is the percentage of learning at Emerson?'
Develop a pamphlet to inform parents and caregivers : Share the pamphlet you have developed with a parent of an infant child. The parent may be a person from your neighborhood, a parent of an infant from a child-care center in your community, or a parent from another organization, such as a church gr..
Construct the long-run average total cost schedule : Based on the cost schedules calculated in part (a), construct the long-run average total cost schedule for the production of blenders.
Determine the isentropic compressibility of the water : If the speed of sound in saturated liquid water at 90.0°C is 1530 m/s, determine the isentropic compressibility α of the water.

Reviews

inf1347064

1/16/2018 4:19:42 AM

Outstanding...Without any doubt, I would use your service for more time surely. Not exclusively did she return path before the due date and almost no amendments were required. Good work. Thanks a lot.

Write a Review

Management Information Sys Questions & Answers

  Create a new field in the manufacturer table after rlmfgcode

Create a new field in the Manufacturer table after RlMfgCode named Website with the Hyperlink data type. Save the table. Switch to Datasheet view, add the Web site http://www.lenox.com to the Lenox China record (7).

  Comprehensive report - starbucks inc 261your mission is to

comprehensive report - starbucks inc. 261your mission is to develop a comprehensive report to your ceo based on the

  Provide a description and component of information system

Provide a description and the major components of the information system. This should be facilitated by using models of the information system.

  Collaboration tools based on your knowledgeas we create new

collaboration tools based on your knowledgeas we create new and better ways to collaborate - what happens to

  How hard is the ist 195 final

How hard is the IST 195 final? The professor made it seem pretty challenging.

  How an organization can determine the effectiveness

Discuss the job functions that are needed to support the intended information system used by the organization. Include a description about how an organization can determine the effectiveness of an information system

  Student query supply chain managementabc car manufacturer

student query supply chain managementabc car manufacturer is subject to caps on co2 emissions and would like to assess

  Why and how the use of social media can ensure your company

Different types of cloud computing solutions that include your recommendation for the best choice and why you made that choice. An Office Productivity Software solution in a collaborative environment and why it is important to move in that direction.

  Explain benefit of risk assessment for an it infrastructure

Explain the benefit of risk assessment for an IT infrastructure. How does an IT manager faced with a list of several risks know which risks to focus on first?

  Lester and koehler talk about the time

Lester and Koehler talk about the time it takes to get information. This has changed greatly in the last few years. Does this change how we use information or what we expect from information?

  Implementation of a information system for an organization

Principles of Information Systems and Data Management - You are the System Analyst involved in studying the creation & implementation of a new information system for an organization.

  What is the optimal production schedule for firm

What is the optimal production schedule for firm? What is the profit contribution of each of these products and How many hours are used for machine 3 with the optimal solution?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd