Henry Ford Health System Enterprise Security Infrastructure Approach

Project Background

The scope of the project is to create an enterprise-wide risk-based IT security program that protects IT assets, reputation, and data through proactive synchronization with the Henry Ford Health System business strategy.

Company Information and Selection Rationale (Criterion 1)

The Henry Ford Health System (HFHS) is a non-profit, integrated medical system in Metro Detroit. The commercial headquarters are located at One Ford Place in Midtown Detroit, Michigan. Henry Ford founded the health system in 1915, comprising of a 17-member governing board. Henry Ford Health System also owns Health Alliance Plan, a health insurance company. The decision to work with the Henry Ford Health system was partly influenced by their status as a renowned firm in the health industry and recent changes in Cyber Security and Assurance Standards, which have led to an increase in service requests to Henry Ford Health System

Main Business Problems and Goals (Criterion 2)

The fundamental vision of Health Ford’s IT Security department is to develop an enterprise-wide risk-based IT Security program that ensures the protection of IT resources, reputation, and details through preemptive alignment with Health Ford’s business strategy. This department’s primary objective is to “protect the trust,” which is split into three: infrastructure protection, patient data, and distribution system defense, and Internet Protocol (IP) and data protection. Infrastructure protection goals include network security, PC and server safety, anti-virus programs, supervision, and efficient vulnerability analysis. The second part’s responsibilities include securing web-based applications, e-Messaging, information sharing, and promoting individual information and understanding.

 Key Decision Makers (Criterion 3)

The key stakeholders include the CEO and the project managers. The CEO will assist in providing as much information as is relevant to the needs of this scope, excluding any proprietary information. The project managers should collaborate to develop requirements and decide the information collection phases. The primary objective ought to be to guarantee that fresh systems provide the organization’s project administrators with all of the information required to make sound choices in a precise, responsive, and significant way.

Project Timeline (Criterion 4)

(What are the key project phases, deliverables, and milestones by dates? Could be a table, bullet points.)

Activity Start date End date Key Deliverable(s)
Project Start March 1, 2022, February 16, 2023 To create an enterprise-wide risk-based IT security program that protects IT assets, reputation, and data through proactive synchronization with the Henry Ford Health System business strategy.

 

Milestone 1 March 5 2022 March 30 2022 Choosing the best team members for the project
Milestone 2 April 1st 2022 April 20 2022 Obtaining security services for the web-based application, server software, and devices
Milestone 3 April 22 2022 May 22 2022 Perform data conversions and load balancing
Milestone 4 May 24 2022 June 25 2022 Setting up the software and hardware information for a safe environment.
Milestone 5 June 27 2022 July 28 2022 infrastructure development
Milestone 6 July 30 2022 August 30 2022 Infrastructure installation for security
Milestone 7 September 1 2022 October 5 2022 Examine the software that will carry out the necessary tasks for the final user.
Milestone 8 October 6 2022 November 5 2022 Determining whether records can be quickly converted from one format to another.
Milestone 9 November 7 2022 December 20 2022 Documentation to ensure effective, simplified, and consistent progress of a project
Project End January 5 2022 February 16 2022 Teach administrators how to test the functionality. Employees should be trained on how to use the framework and how to verify for security flaws.

 

Availability, Confidentiality, Authentication, and Integrity Considerations (Criterion 5)

During this scope, we will evaluate Henry Ford Health System’s current security measures to see if they adhere to the CIA Triad’s minimum fundamental rules and other standards. The CIA triad, also identified as Confidentiality, Integrity, and Availability, is an acronym for Confidentiality, Integrity, and Availability. This model is intended to guide policies for an organization’s Information Security requirements.

In network security, confidentiality is used to define and enforce information and data access levels. A company phone directory would be on the lower end of the confidentiality risk spectrum. In contrast, a worker file containing wages, banking, liens, and other details not generally shared with unauthorized persons would be higher.

Integrity in security refers to the ability to prevent data from being modified or altered in an unauthorized or detrimental manner. If information is omitted or an email is altered by someone outside the institution posing as someone inside the organization. IT security oversees the release management for encrypted communications and the leadership of supporting documentation, retention prerequisites, and version control of data security files.

The ability to access data when needed is referred to as data availability. This concept is best demonstrated by meticulously preserving all hardware, conducting hardware repairs as soon as required, and retaining an efficiently functioning operating system environment free of software conflicts.

Authentication is the act of deciding whether or not someone or something is who or what they claim to be. Multiple authentication protocols are used in the Henry Ford Health System. This procedure includes the electronic transmission of remote access cards. A standard login process is initiated, followed by alphanumeric character configurations. These characters are drawn from the person’s or owner’s RAC.

Unique Organizational Challenges (Criterion 6)

Given that Henry Ford works with partners who conduct business internationally, maintaining compliance in all areas, along with General Data Protection Regulations, Payment Card Industry, Cloud Security Alliance (CSA), and Security, Trust, and Assurance Registry level 2 Attestation, will be critical. These are a few of the regulatory requirements that necessitate the assimilation of security systems.

Human Factors of Cyber Risks will be among the many unique challenges. This could include implementing some lean best practices. Assessing the current workforce and providing instruction to those who require it most. Front-line personnel, field personnel, and C-level stakeholders

Due to the limitations of the workforce’s abilities, this process will be a sensitive phase in the overall view for the CEO. The capacity to leverage the skills and possibilities to change management should be highly valued. With one goal in mind: to maintain Henry Ford integrity and reputation to the highest ethical standards plausible.

AAA Framework and Cryptography Strategy (Week 2)

Data Handling Threats and Vulnerabilities (Criterion 1)

In Use, Transit, and Storage.

Cryptography Strategies (Criterion 2)

(List three strategies.)

CS 1

CS 2

CS 3

Cryptography Tool Comparison (Criterion 2)

(Compare two tools.)

CT 1

CT 2

Non-Cryptography Strategies (Criterion 3)

(List three strategies)

CS 1

CS 2

CS 3

Identity and Access Management Recommendation (Criterion 4)

Policy Recommendation (Criterion 5)

Policy Recommendation 1

Policy Recommendation 2

 

 

Policy Recommendation 2

 

Physical Network Security Strategy (Week 3)

Physical Security Threats and Vulnerabilities (Criterion 1)

(Describe three.)

Physical Security Strategies (Criterion 2)

(List two for each area.)

Data

Strategy 1 – Data

Strategy 2 – Data

Human Resources (people in the building)

Strategy 1 – Human Resources

 

Strategy 2 – Human Resources

Hardware

Strategy 1 – Hardware

 

Strategy 2 – Hardware

 

Network Security Strategies

Network Perimeter Strategy (Criterion 3)

(Should be specific to your target company.)

 

 

External and Internal Network Traffic Security Strategy (Criterion 4)

(List two tools or strategies—should be specific to your target company.)

 

Policy Recommendation (Criterion 5)

Policy Recommendation 1

Policy Recommendation 2

 

 

 

 

Operating System and Application Security Strategy (Week 4)

Operating System Security Vulnerabilities (Criterion 1)

Operating System 1

Operating System 2

Antimalware Recommendation (Criterion 2)

(Should be specific to your target company and its environment.)

Intrusion Detection System Recommendation (Criterion 3)

(Should be specific to your target company and its environment.)

Application Security

Web-based Infrastructure Recommendations (Criterion 4)

AS Recommendation 1

AS Recommendation 2

Database Infrastructure Recommendations (Criterion 5)

DB Recommendation 1

 

DB Recommendation 2

 

OS Hardening Recommendation (Criterion 5)

 

 

Security Policy (Week 5)

(All policy recommendations from weeks 2–4 will go here.)

Security Vulnerabilities (Weeks 2–4) (Criterion 1)

Legal Issues and Regulatory Standards (Criterion 2)

(Should be defined in Project Scope.)

(With what regulatory compliance objectives must your target company comply? (For example, HIPAA, Sarbanes-Oxley, FDA, FTC, GDPR.)

(Should be defined in Project Scope.)

Could be the same as ‘Availability, Confidentiality, Authentication, and Integrity’ under Project Scope.

Measures of Success for Global Implementation and Legal Discussion

(How will your target company succeed globally with the new security solution? Use supporting evidence and resources to support your statements.)

Physical and Network Security Threats

Comprehensive Security Solution (Criterion 3)

 

 

 

 

 

 

 

 

 

 

References

(Hanging indentation, double-spaced, APA formatting.)

 

Appendices

Appendix A: System Diagram

(Use as needed—not every project will have a system design.)

 

Cite this Page

Henry Ford Health System Enterprise Security Infrastructure Approach . (2022, June 22). Essay Writing . Retrieved July 03, 2022, from https://www.essay-writing.com/samples/henry-ford-health-system-enterprise-security-infrastructure-approach/
“ Henry Ford Health System Enterprise Security Infrastructure Approach .” Essay Writing , 22 Jun. 2022, www.essay-writing.com/samples/henry-ford-health-system-enterprise-security-infrastructure-approach/
Henry Ford Health System Enterprise Security Infrastructure Approach . [online]. Available at: <https://www.essay-writing.com/samples/henry-ford-health-system-enterprise-security-infrastructure-approach/> [Accessed 03 Jul. 2022].
Henry Ford Health System Enterprise Security Infrastructure Approach [Internet]. Essay Writing . 2022 Jun 22 [cited 2022 Jul 03]. Available from: https://www.essay-writing.com/samples/henry-ford-health-system-enterprise-security-infrastructure-approach/
copy
Do My paper price
Pages (550 words)
Approximate price: -
eskort bodrum - eskort eskişehir - mersin eskort - eskort mersin - mersin eskort bayaneskort bodrum - eskort eskişehir - mersin eskort - eskort mersin - mersin eskort bayan