
Project 5: Database Security Assessment

Project 5: Instructions

Overview

Modern health care systems incorporate databases for effective and efficient management of patient health care. Databases are vulnerable to cyberattacks and must be designed and built with security controls from the beginning of the life cycle.

Although hardening the database early in the life cycle is better, security is often incorporated after deployment, forcing hospital and health care IT professionals to play catch-up. Database security requirements should be defined at the requirements stage of acquisition and procurement.

System security engineers and other acquisition personnel can effectively assist vendors in building better health care database systems by specifying security requirements up front within the request for proposal (RFP). In this project, you will be developing an RFP for a new medical health care database management system.

Parts of your deliverables will be developed through your learning lab. You will submit the following deliverables for this project:

Deliverables

  • An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.

Steps:

Step 1: Provide an Overview for Vendors

As the contracting officer’s technical representative (COTR), you are the liaison between your hospital and potential vendors. It is your duty to provide vendors with an overview of your organization. To do so, identify information about your hospital. Conduct independent research on hospital database management. Think about the hospital’s different organizational needs. What departments or individuals will use the , and for what purposes?

Provide an overview with the types of data that may be stored in the system and the importance of keeping these data secure. Include this information in the RFP.

After the overview is complete, move to the next step to provide context for the vendors with an overview of needs.

Step 2: Provide Context for the Work

Now that you have provided vendors with an overview of your hospital’s needs, you will provide the vendors with a context for the work needed.

Since you are familiar with the application and implementation, give guidance to the vendors by explaining the attributes of the database and by describing the environment in which it will operate. Details are important in order for the vendors to provide optimal services.

It is important to understand the vulnerability of a relational database management system (RDBMS). Read the following resources about RDBMSs.

  •  
  •  
  •  
  •  
  •  
  •  (with a focus on broken authentication)
  •  (with a focus on broken access control)

Describe the security concepts and concerns for databases.

Identify at least three security assurance and security functional requirements for the database that contain information for medical personnel and emergency responders.

Include this information in the RFP.

In the next step, you will provide security standards for the vendors.

Step 3: Provide Vendor Security Standards

In the previous step, you added context for the needed work. Now, provide a set of internationally recognized standards that competing vendors will incorporate into the database. These standards will also serve as a checklist to measure security performance and security processes.

Read the following resources to prepare:

  •  
  •  
  •  
  •  

Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, , and cyberattacks.

Include these security standards in the RFP.

Step 4: Describe Defense Models

Now that you have established security standards for the RFP, you will define the use of defense models. This information is important since the networking environment will have numerous users with different levels of access.

Provide requirements in the RFP for the vendor to state its overall strategy for defensive principles. Explain the importance of understanding these principles. To further your understanding, click the link and read about .

Read these resources on enclave computing environment:

  •  
  •  

Explain how enclave computing relates to defensive principles. The network domains should be at different security levels, have different levels of access, and different read and write permissions.

Define enclave computing boundary defense.

Include enclave firewalls to separate databases and networks.

Define the different environments you expect the databases to be working in and the security policies applicable.

Provide this information in the RFP.

In the next step, you will consider database defenses.

Step 6: Provide a Requirement Statement for System Structure

In the previous step, you identified defense requirements for the vendor. In this step of the RFP, you will focus on the structure of the system.

Provide requirement statements for a web interface to:

  1. Allow patients and other health care providers to view, modify, and update the database.
  2. Allow integrated access across multiple systems.
  3. Prevent data exfiltration through external media.

State these requirements in the context of the medical database. Include this information in the RFP.

In the next step, you will outline operating system security components.

Step 7: Provide Operating System Security Components

In the previous step, you composed requirement statements regarding the system setup. In this step, you will provide the operating system security components that will support the database and the security protection mechanisms.

Read these resources on . Then:

  1. Provide requirements for segmentation by operating system rings to ensure processes do not affect each other.
  2. Provide one example of a process that could violate the segmentation mechanism. Ensure your requirement statements prevent such a violation from occurring.

Specify requirement statements that include a trusted platform module (TPM), in which a cryptographic key is supplied at the chip level. In those specifications:

  1. Describe the expected security gain from incorporating TPM.
  2. Provide requirement statements that adhere to the trusted computing base (TCB) standard.
  3. Provide examples of components to consider in the TCB.
  4. Provide requirements of how to ensure protection of these components, such as authentication procedures and malware protection.

Read the following resources to familiarize yourself with these concepts:

  •  
  •  

Include this information in the RFP.

In the following step, you will write requirements for levels of security.

Step 8: Write Requirements for Multiple Independent Levels of Security

The previous step required you to identify operating system security components to support the database. For this step, you will focus on identification, authentication, and access. Access to the data is accomplished using security concepts and security models that ensure confidentiality and integrity of the data. Refer to  and  to refresh your knowledge.

The healthcare database should be able to incorporate multiple independent levels of security (MILS) because the organization plans to expand the number of users.

Write requirement statements for MILS for your database in the RFP.

  1. Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula Model, and the Chinese Wall Model.
  2. Indicate any limitations for the application of these models.

Read the following resources and note which cybersecurity models are most beneficial to your database:

  •  
  •  
  •  

Include requirement statements for addressing insecure handling of data.

Include this information in your RFP.

In the next step, you will consider access control.

Step 9: Include Access Control Concepts, Capabilities

In the previous step, you wrote requirements for multiple levels of security, including the topics of identification, authentication, and access. In this step, you will focus on access control. The vendor will need to demonstrate capabilities to enforce identification, authentication, access, and authorization to the database management systems.

Include requirement statements in the RFP that the vendor must identify the types of access control capabilities and how they execute access control.

Provide requirement statements for the vendor regarding  concepts, , and .

Include the requirement statements in the RFP.

In the next step, you will incorporate additional security requirements and request vendors to provide a test plan.

Step 10: Include Test Plan Requirements

In the previous step, you defined access control requirements. Here, you will define test plan requirements for vendors.

Incorporate a short paragraph requiring the vendor to propose a test plan after reviewing these .

Provide requirements for the vendor to supply an approximate timeline for the delivery of technology.
