Week 3

Screenshots: Insert and title (with step number) all screenshots in the same order as the order specified in the assignment directions.

Part 1.3 Response:

Vulnerability Management

Vulnerability management policies define all the processes involved in the identification, classification, and mitigation of vulnerabilities associated with system software. The process can be basically defined as the central aspect of preparing organizations for risks associated with their system software (Kapur, 2019). For the case of Laskondo Healthcare, there are a lot of measures that should be taken into consideration given the big size of the facility in terms of employees and the population of patients it serves.

IT security standard is one major vulnerability management policy that would be efficient for this healthcare. This involves scanning computer devices found in the institution in order to recognize the existence of vulnerability and then come up with a mitigating strategy before the damage runs out of control (Kapur, 2019). This policy will aid in checking if the systems of this healthcare have been corrupted at some point during its operation. The policy works in detecting intrusion and testing the effectiveness of the security passwords accorded to different devices in the office such as the windows 10 desktop systems in the healthcare institution.

The health institution also owns a variety of servers that should be protected from vulnerability. This means the IT security standard will work towards ensuring that the servers in the hospital are protected through frequent scanning of their performances. This will help determine if the servers in the institution are infected with a computer virus or have been compromised by an individual. Thus the IT security standard management policy will not only be effective in protecting the systems from unauthorized access but will also help in taking care of possible vulnerabilities to the servers.

In order for this policy to be effective, it is important that the proper scanning tools be availed to the institution. Different devices require different scanning devices. The scanning tools should be in a position to scan information from the central position of the institution and then be in a position to give out recommendations for different results from the scanning and the level of severity of the vulnerability on the device. Frequent scanning should be done in the hospital’s computing tools, file systems, the servers and also the routers.

[Enter content for Part 2 of the assignment here – make sure to label your work appropriately.]

[Item 2.1]:

Patch Management Policy

A patch management policy is important for every organization that deals with confidential data and incorporates information technology in their operations. The policy works in finding out the control processes that help provide protection from threats that could negatively alter the security of the information system.

When it comes to patch management in a health institution, monitoring plays a central role as a patch management policy (Kapur, Kumar & Verma, 2018). At this step, it is important for this healthcare to be able to realize situations where a patch is needed. This is to say that the people in charge of security should be aware of what should be done in case there is a threat to the institution. This involves both the physical threats as well as threats that involve the systems. The current events taking place in the IT sector both within the organization and in other social media platforms should be identified in the monitoring section of the policy. This will help the hospital to prepare for uncertainties as in some cases vulnerability is made aware before the vendor is in a position to come up with a patch. It is therefore important for the IT department of healthcare to act on such immediately.

The monitoring will be majorly handled by the Network Operations individual who will periodically scan the networks and servers of Laskondo and come up with an identified vulnerability. After identification of vulnerability, proper communication channels should be followed so that the information arrives at the chief information officer position. Monitoring will also involve close observation of the activities of all groups of people who have a hardware system operating within the servers of Laskondo Healthcare. Generally, through monitoring, healthcare will be able to identify the existence of a patch.

After a patch has been identified, the Network Operators of the institution will be able to save it within hours after it has been released. It will then be able to analyze the patch and classify it depending on the level of urgency it requires. Those patches that will be found to be about to happen will be looked at immediately as it will be considered to be an emergency to healthcare’s networks (Kapur, 2019). A patch that will be seen as a threat to the security of Laskondo will be dealt with critically. It must be noted however that a patch may be identified and yet it has no effect on the operations of Laskondo Healthcare while a patch may also be released as an update to the network and servers of the Healthcare.

After the identification of the class of a patch, the patch will then be tested. The testing part happens depending on the effect of the patch on the networks of Laskondo Healthcare. The stage of testing also focuses on validating the patch against all the windows servers of the organization. Once a patch has been tested, it is important that a request for technical changes is composed and approved before the patch is released (Kapur, Kumar & Verma, 2018). All the staff in healthcare should be made aware. The patch will then be implemented basing on the category in which it lies. A patch that is once classified as emergency may be implemented before it is tested since delaying its implementation may cause a great threat to healthcare.

[Item 2.2]:

References

In Kapur, P. K., In Kumar, U., & In Verma, A. K. (2018). Quality, it and business operations: Modeling and optimization.

Kapur, P. K. (2019). System performance and management analytics. Singapore: Springer