Project5-RFPTemplate.docx

KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS

Request for Proposal

Medical Healthcare Database Management System for Military Hospital

(Note: Be sure to add your name to the header for the section assigned to you. Only provide the requirements statements and references for your assigned section within your assigned section. Leave numbering and all other sections as they are. I.e., do not delete the other sections.)

Your parts of the RFP are to be written in enumerated requirements statements. Make sure to number your parts according to the numbering in this template. You are providing 3-5 requirements statements per section/sub-sections assigned to you. These are simple, enumerated, statements, one requirement per numbered statement. Although this template lists topics, these sections are to be your enumerated requirements statements, only. I.e., do not provide any explanations or reasoning for the requirements. This is an exercise in identifying appropriate requirements and learning how to state them.

Use in-line citations with proper APA within the requirements statements in your section of the RFP, as appropriate. Provide your summary list of references at the end of your section using proper APA format.

1.0 OVERVIEW-[Everyone]

Inject yourself into the given scenario for each part of this proposal and respond as the security system engineer at the military hospital. You are providing this entire proposal to the hospital’s contracting officer. It must be specific enough for him or her to send out for solicitations.

Integrate your information from Step 1. Provide an introduction to your security requirements for the specific, new Medical Healthcare Database Management System (DBMS). What assumptions are you making? What is included and what is not included? What groups or individuals will use the database? For what purposes? What types of data may be stored in the system? How will the data get to the database from the users? What is the importance of keeping this data secure? What types of security are needed, and where does each type apply? This RFP is aimed at vendors who will bid on the contract for providing the system to the hospital. The quality of each response will depend on how specifically and how well you state the system requirements.

2.0 RDBMS AND SECURITY REQUIREMENTS-[Your Name]

Integrate your information from Step 2.

2.1 Database Environment

2.2 Database Information per User Type

2.3 Database Attributes

2.4 Database Security Assurance and Requirements (3 minimum, 5 maximum)

3.0 DATABASE STANDARDS AND BEST PRACTICES REQUIREMENTS-[Your Name]

Integrate your information from Step 3.

3.1 National, International and Industry Standards Compliance

3.2 Security Performance Measurement and Monitoring

4.0 OPERATIONAL DATABASE SECURITY MEASURES REQUIREMENTS-[Sections 4.1-4: Your Name, Section 4.5: Your Name]

Integrate your information and lab results from Steps 4 and 5, respectively.

4.1 Delivery Time frame

4.2 Department of Defense Concept of Operations (ConOps)

4.3 Database Environment and Boundaries

4.4 Security Defense Models and Methods

4.5 Lab-based Data Security Measures-[Everyone]

Note: You are responsible for execution of the lab and Section 4.5. Integrate your lab results from Step 5, here.

5.0 SYSTEM SOLUTION FOR DATABASE SECURITY REQUIREMENTS-[Your Name]

Integrate your information from Step 6.

5.1 Web Interface

5.2 Functional Interface

5.2.1 Users

5.2.2 Vendors

6.0 OPERATING SYSTEM DATABASE SECURITY SOLUTION REQUIREMENTS-[Your Name]

Integrate your information from Step 7.

6.1 OS Ring Segmentation

6.2 Trusted Computing Platform Module

6.3 Trusted Computing Base

6.4 Other OS Security Measures

7.0 DEFENSE IN DEPTH DATABASE SECURITY SOLUTION REQUIREMENTS-[Your Name]

Integrate your information from Step 8.

7.1 Confidentiality and Integrity of Data

7.2 Authentication

7.3 Authorization

7.4 Access Control Security Models (by user types)

8.0 ACCESS CONTROL DATABASE SECURITY SOLUTION REQUIREMENTS-[Your Name]

Integrate your information from Step 9.

8.1 Demonstration Database Management Systems Access Enforcement Capabilities by Vendor

8.1.1 Access Controls for Confidentiality and Integrity of Data

8.1.2 Authentication

8.1.3 Authorization

9.0 TEST PLAN AND REMEDIATION REVIEW-[Your Name]

Integrate your information from Step 10. NOTE: Choose only ONE component of the medical database management system for this test plan. Concentrate on that ONE component and associated data at rest, in transit and in use.

9.1 Procedures for Vendor Testing

9.2 Identification of Vulnerabilities in Data and Selected Component

9.3 Test Procedures for Data and Selected Component

9.4 Security Hardening Requirements for the Data and Selected Component Vulnerabilities

10.0 SUMMARY-[Everyone]

11.0 REFERENCES-[Everyone]

APPENDIX-LAB RESULTS-[Your Name]

Provide your lab report and specific results from your lab in the template provided. Either attach these here or submit it separately in your Assignment Folder. Your specific insights, comparisons, results and applicability, which are important for the RFP, should be identified and used in Section 4.5, above. You are responsible for both this Appendix and Section 4.5.
