Assignment 2 and Class Activity W8 509
In class activity Week 8
STUDENT NAME:
You are tasked with improving the IT system for the Hospital. The Hospital information system has been in use to further the Hospital Network's efforts to become more effective, competitive and sustainable. It is a comprehensive, integrated information system designed to manage all aspects of a hospital's operation, such as administrative, financial, and legal issues and the corresponding processing of services.
Main Parameters of the Hospital’s intranet:
· Currently 350 Patients in the Hospital
· There are 40 full time Doctors
· There are 200 full time Nurses.
· Buildings and rooms. Three Buildings
· Hospital is a four-story building: 350 patient rooms and 25 offices
The Hospital IT system has: 10 local area networks, one database for patient records, one database for employee records, telecom networks to connect them all, and WiFi access points and printers on each floor. The Hospital has a service agreement with a local Internet Service Provider.
Question 1
List the IT assets that the Hospital IT system is going to need to fulfil its mission. You should consider the INTRANET of the hospital and list the hardware and software components of the complete IT system.
Question 2
Prepare the Control Spreadsheet, which covers:
· List of Assets
· Disruption, destruction and disaster cases
· Intrusion (both external and internal)
· Use the given control measures to protect the IT system
| IT ASSETS OF THE HOSPITAL | REGIONAL DESTRUCTION, DAMAGE: Fire | REGIONAL DESTRUCTION, DAMAGE: Flood | REGIONAL DESTRUCTION, DAMAGE: Power loss | COMPANY SPECIFIC INTRUSION: Internal Intruder / Hacker | COMPANY SPECIFIC INTRUSION: External Intruder / Hacker |
|---|---|---|---|---|---|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
USE THE FOLLOWING CONTROL MEASURES
1. Disaster recovery plan and education / training
2. Halon fire system & sprinklers
3. Not on or below ground level
4. UPS (uninterruptible power source)
5. Virus checking software present and updated
6. Extensive user training about viruses
7. Strong password policy
8. Extensive user training about password security
9. Application-layer firewall
10. Firewall for data communication in & out of the system
11. Content filtering at the Gateway
12. Multi-factor authentication
Answer the following questions:
· How can you protect the Patient Records Database against external intrusion attacks?
· How can you protect the Employee Records Database against internal intrusion attacks?
You should write about the types of attacks and the countermeasures for each.