Capstone

Running head: INFORMATION SECURITY 1

INFORMATION SECURITY 3

Information Security

Name

Institutional Affiliation

Information Security

Introduction

Information security is defined as the means by which data in computer systems are protected. The protection will ensure that the confidentiality, integrity, and availability of the data is maintained. Regardless, the proposal of the organization is that it is to provide data analytics services to various companies in the health sector. By taking advantage of emerging technologies such as cloud computing the company will not only be able to offer its services at competitive rates but will also be able to improve overall performance whilst ensuring data security (Peltier, 2016). Cloud computing, in general, refers to the delivery of computer resources from applications to data centers such as those that will be owned by the company. The basis of this strategy is to have easily available and secured data over the internet. Moreover, it has also been identified that the cloud service to be used is Software as a service (SaaS) (Peltier, 2016). It is the use of an application that is run by a distant computer on the cloud via a browser or internet-based application. By understanding this basis of operations, it will better demonstrate how information security will be attained.

Reasoning

The SaaS approach was selected for numerous reasons among them, its high flexibility and attractive nature to the clients. Additionally, by simplifying its installation and overall utilization, it eliminates security vulnerabilities. With security as its core value, the SaaS approach to cloud computing offered eliminates control over the hardware by the client (McCoy & Perlis, 2018). This approach is necessary for numerous reasons among them is the fact that having the hardware within the organization it will make it vulnerable to outside attacks, human error, and malicious employee activities all of which can result in data loss. This realization was after a study conducted by Accense, an analytical company, during the period of 2009 and 2014, the number of cyberattacks increased drastically (McCoy & Perlis, 2018). According to their figures, the numbers rose from a total of just over 3 million attacks per year to over 42 million attacks. For example, in 2017, the total number of data breaches cost companies an approximate of $3.6 million (McCoy & Perlis, 2018). With the figure expected to be significantly higher in 2019, the best approach to limiting cyberattacks and overall data breaches is by employing SaaS cloud services.

SaaS and Information Security

The strategy of using SaaS is advantageous because it allows numerous features to be included. This allows for the automated implementation of security measures while data is being stored or extracted from the database. Among the features present are transit protection between the client and the service. This security measure is critical as some forms of cyber-attack target data while they are in transit to the storage areas over the internet (Rittinghouse & Ransome, 2017). By using complex encryption algorithms, the data if intercepted during transmission will be useless to the hacker without the decryption key. Secondly, all user accounts will have mandatory authentication processes that will further secure the accounts of the application users. This will limit unauthorized access to the application; this strategy will be needed for any data to be transferred, added, destroyed or manipulated (Rittinghouse & Ransome, 2017). The healthcare sector in 2017 was the most affected industry with relation to cyberattacks, by automating their security measures, future attacks can be limited.

The SaaS approach also allows for auditing or logging of activities, the objective of this security approach is to maintain accountability. By reviewing the activities of the users, malicious employees can be easily identified and the necessary disciplinary action implemented (Rittinghouse & Ransome, 2017). Finally, the SaaS platform will allow for the utilization of already available cloud computing security protocols further ensuring the safety of the data uploaded as well as the information stored. An example of the security measure in place include protection against DDoS and access regulation to prevent unexpected interceptions.

Data Valuing

When valuing the company and its data, the main area of focus was the market niche it was targeting. Technology is evolving at a rapid rate and this is especially recognizable in the healthcare industry. The majority of modern healthcare institutions have migrated from the legacy system and embraced electronic health records (Chang, Kuo, & Ramachandran, 2016). It is the digital format of medical records mandated by the HITECH (Health Information Technology for Economic and Clinical Health) Act. This act is then enforced by the ARRA (American Recovery and Reinvestment Act) of 2009 (Chang, Kuo, & Ramachandran, 2016). Nevertheless, the value collected and stored will have to undergo processes that will not only allow it to be verified but also screened to be classified in different clusters. The process allows for network optimization to be achieved thereby allowing for faster processing and storing of data collected from the client’s end. Moreover, the patterns used by the client’s in accessing as well as transmitting data are analyzed for better operations of the service (Chang, Kuo, & Ramachandran, 2016).

Conclusion

Big data is the future for all industries as it offers the needed insight and understanding of operations thereby allowing for cloud computing services to progress their services. This is demonstrated by the approach that is adopted by Health Cop. The company will be sampling data with the main objective of improving the network and overall system.

References

Chang, V., Kuo, Y. H., & Ramachandran, M. (2016). Cloud computing adoption framework: A security framework for business clouds. Future Generation Computer Systems, 57, 24-41.

McCoy, T. H., & Perlis, R. H. (2018). Temporal trends and characteristics of reportable health data breaches, 2010-2017. Jama, 320(12), 1282-1284.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.

Rittinghouse, J. W., & Ransome, J. F. (2017). Cloud computing: implementation, management, and security. CRC press.