The scope of the project is to create an enterprise-wide risk-based IT security program that protects IT assets, reputation, and data through proactive synchronization with the Henry Ford Health System business strategy.
The Henry Ford Health System (HFHS) is a non-profit, integrated medical system in Metro Detroit. The commercial headquarters are located at One Ford Place in Midtown Detroit, Michigan. Henry Ford founded the health system in 1915, and it has a 17-member governing board. Henry Ford Health System also owns Health Alliance Plan, a health insurance company. The decision to work with the Henry Ford Health System was partly influenced by its status as a renowned firm in the health industry and by recent changes in Cyber Security and Assurance Standards, which have led to an increase in service requests to Henry Ford Health System.
The fundamental vision of Henry Ford’s IT Security department is to develop an enterprise-wide risk-based IT security program that ensures the protection of IT resources, reputation, and data through preemptive alignment with Henry Ford’s business strategy. This department’s primary objective is to “protect the trust,” which is split into three parts: infrastructure protection; patient data and distribution system defense; and Internet Protocol (IP) and data protection. Infrastructure protection goals include network security, PC and server safety, anti-virus programs, monitoring, and efficient vulnerability analysis. The second part’s responsibilities include securing web-based applications, e-messaging, and information sharing, and promoting individual awareness and understanding.
Key Decision Makers (Criterion 3)
The key stakeholders include the CEO and the project managers. The CEO will assist in providing as much information as is relevant to the needs of this scope, excluding any proprietary information. The project managers should collaborate to develop requirements and decide the information collection phases. The primary objective should be to ensure that new systems provide the organization’s project administrators with all of the information required to make sound decisions in a precise, responsive, and meaningful way.
(What are the key project phases, deliverables, and milestones by dates? Could be a table, bullet points.)
Activity | Start date | End date | Key Deliverable(s) |
Project Start | March 1, 2022 | February 16, 2023 | To create an enterprise-wide risk-based IT security program that protects IT assets, reputation, and data through proactive synchronization with the Henry Ford Health System business strategy. |
Milestone 1 | March 5, 2022 | March 30, 2022 | Choosing the best team members for the project. |
Milestone 2 | April 1, 2022 | April 20, 2022 | Obtaining security services for the web-based application, server software, and devices. |
Milestone 3 | April 22, 2022 | May 22, 2022 | Perform data conversions and load balancing. |
Milestone 4 | May 24, 2022 | June 25, 2022 | Setting up the software and hardware information for a safe environment. |
Milestone 5 | June 27, 2022 | July 28, 2022 | Infrastructure development. |
Milestone 6 | July 30, 2022 | August 30, 2022 | Infrastructure installation for security. |
Milestone 7 | September 1, 2022 | October 5, 2022 | Examine the software that will carry out the necessary tasks for the final user. |
Milestone 8 | October 6, 2022 | November 5, 2022 | Determining whether records can be quickly converted from one format to another. |
Milestone 9 | November 7, 2022 | December 20, 2022 | Documentation to ensure effective, simplified, and consistent progress of a project. |
Project End | January 5, 2022 | February 16, 2022 | Teach administrators how to test the functionality. Employees should be trained on how to use the framework and how to check for security flaws. |
During this scope, we will evaluate Henry Ford Health System’s current security measures to see whether they adhere to the minimum fundamental rules of the CIA triad and other standards. CIA is an acronym for Confidentiality, Integrity, and Availability. This model is intended to guide policies for an organization’s information security requirements.
In network security, confidentiality is used to define and enforce information and data access levels. A company phone directory would be on the lower end of the confidentiality risk spectrum. In contrast, a worker file containing wages, banking, liens, and other details not generally shared with unauthorized persons would be higher.
Integrity in security refers to the ability to prevent data from being modified or altered in an unauthorized or detrimental manner. Integrity is violated, for example, if information is omitted or an email is altered by someone outside the institution posing as someone inside the organization. IT security oversees the release management for encrypted communications and the management of supporting documentation, retention requirements, and version control of data security files.
The ability to access data when needed is referred to as data availability. This concept is best demonstrated by meticulously preserving all hardware, conducting hardware repairs as soon as required, and retaining an efficiently functioning operating system environment free of software conflicts.
Authentication is the act of deciding whether or not someone or something is who or what they claim to be. Multiple authentication protocols are used in the Henry Ford Health System. This procedure includes the electronic transmission of remote access cards (RACs). A standard login process is initiated, followed by alphanumeric character configurations. These characters are drawn from the person’s or owner’s RAC.
Given that Henry Ford works with partners who conduct business internationally, maintaining compliance in all areas will be critical, including the General Data Protection Regulation (GDPR), Payment Card Industry (PCI) requirements, and the Cloud Security Alliance (CSA) Security, Trust, and Assurance Registry (STAR) Level 2 Attestation. These are a few of the regulatory requirements that necessitate the integration of security systems.
Human factors of cyber risk will be among the many unique challenges. Addressing them could include implementing some lean best practices, assessing the current workforce, and providing instruction to those who require it most: front-line personnel, field personnel, and C-level stakeholders.
Due to the limitations of the workforce’s abilities, this process will be a sensitive phase in the overall view for the CEO. The capacity to leverage the skills and possibilities of change management should be highly valued, with one goal in mind: to maintain Henry Ford’s integrity and reputation at the highest ethical standards possible.
(List three strategies.)
(Compare two tools.)
(List three strategies)
Policy Recommendation 1
Policy Recommendation 2
Policy Recommendation 2
(Describe three.)
Physical Security Strategies (Criterion 2)
(List two for each area.)
(Should be specific to your target company.)
(List two tools or strategies—should be specific to your target company.)
Policy Recommendation 1
Policy Recommendation 2
(Should be specific to your target company and its environment.)
(Should be specific to your target company and its environment.)
OS Hardening Recommendation (Criterion 5)
(All policy recommendations from weeks 2–4 will go here.)
(With what regulatory compliance objectives must your target company comply? For example, HIPAA, Sarbanes-Oxley, FDA, FTC, GDPR.)
Could be the same as ‘Availability, Confidentiality, Authentication, and Integrity’ under Project Scope.
(How will your target company succeed globally with the new security solution? Use supporting evidence and resources to support your statements.)