A vital step in guaranteeing that critical information is safeguarded involves establishing a set of policies. These would incorporate system and information use policies, system standardization, and physical access to network elements. In this case, Health Systems Inc. is seeking a security and privacy strategy for the medical facility. The sole aim of the plan is to create comprehensive guidelines and principles that guarantee confidentiality and integrity within the network. The scope of the framework is to develop security mechanisms that safeguard sensitive information and, similarly, policies that determine how hardware and software within the network are operated, so as to protect the business entity from information breaches and attacks. Due to the numerous technological advances, every component necessitates different security mechanisms to safeguard confidentiality.
Enterprise-Wide Security Plan
The fundamental objective for Health Systems Inc. is to create a cost-effective framework that every individual within the corporation can easily comprehend and abide by. To be effective, the security plan would first apply in-depth, layered security protocols designed to safeguard the physical, technical, and management controls of the hospital's network system. Mobile devices with software applications are increasingly significant universally, particularly in the medical field. Most applications meant for business purposes store, display, or transmit sensitive information. Approaches that may be needed include avoiding the use of external Wi-Fi networks, minimal use of external cloud storage services, encryption of devices, and prohibiting the use of personal email on the company's devices.
Mobile devices would be required to have mobile device management certificates installed, covering but not restricted to device restrictions, application management, app-layer VPN settings, and device identity certificates. It is equally imperative to safeguard the facility's authentication mechanisms to ensure that complex passwords are not compromised. Staff members would be required to use passwords of twelve alphanumeric characters, including upper and lower case letters, special characters, and digits. To facilitate effective security mechanisms, all staff members are required to report any cybersecurity threat to the relevant authorities within twenty-four hours of the incident to reduce the detrimental effects. An employee usage policy would guarantee that every staff member understands how a likely threat would impact the corporation and its personnel in terms of reputation and finances, along with assuring that they prevent unsanctioned access to any information pertinent to the facility or network users.
Devices such as tablets, mobile handsets, and laptops that use email should be secured. One of the optimal methods of ensuring that data transmission is safeguarded is installing certificates and guaranteeing email encryption. It is vital to avoid transmitting sensitive information through email and instead use the frameworks offered by the corporation. For instance, the corporation may use Microsoft Office subscriptions for various services such as communication and cloud storage. This guarantees that software applications are updated with modern security frameworks, permitting user access to information through a secure tunnel, easing Wi-Fi connection, and restricting the installation of unknown applications.
Common Vulnerabilities and Risks
According to Dean (2012), vulnerabilities may be exploited along two main trajectories. First, internal users of a network are likely to cause harm, deliberately or unintentionally, due to unawareness while using the hospital's resources. Second, external threats posed by hackers present further risks to vital systems and information that should be safeguarded. Common network vulnerabilities mainly comprise unpatched systems, connections over insecure networks, phishing, denial of service attacks, ransomware, and malware. Policies and procedures would be created to guarantee that control mechanisms are implemented to reduce these vulnerabilities.
To mitigate the threats, it is essential to run regular awareness campaigns annually to guarantee that users are familiar with identifying suspicious activities or applications that could be phishing attempts to access the network. To assist in these efforts, email subject lines would be marked to identify messages originating from external email addresses. Denial of Service attacks on externally facing web resources would be managed through firewall warnings. The production environment would have redundant systems available for routing legitimate traffic until the attack is averted (Musthaler, 2013). Moreover, filtering and screening of file attachments and URLs would be enhanced.
Policies that Protect Hardware and Software Aspects of the Network
Each medical facility ought to have an updated security policy that each staff member must be competent in, with a signed document affirming that they comprehend the integrated security policy. Hardware components such as workstations, file servers, web servers, routers, and switches are all physical assets that would necessitate protection. A well-formulated security policy, together with adequate training, would assist in minimizing the element of human error. The security strategy must outline suitable passwords, the setup of any hardware or software, internet use, remote access, and individual device use. Developing a particular set of policies is considered a vital step in guaranteeing the security of crucial information. Guidelines are essential as they offer distinct principles and set procedures regarding how things may and may not be done. Hardware Security is an extra layer of threat that may be developed with a corporation.
Every staff member within the medical facility must use the network appropriately, and failure to do so would adversely impact the corporation. To provide additional security for the company hardware, various policies should be integrated. First, the mobile device policy requires that every device in the company's possession is subject to monitoring and screening and is utilized solely for business purposes. The second is the usage policy, which states that hardware components such as fax machines, printers, or workstations owned by the corporation should be utilized within the business premises. Another is the equipment access policy. Unauthorized access to sensitive areas within the medical facility is restricted. Access to network equipment is allowed solely to the IT department and security personnel. Media and storage devices are prohibited on the property. The storage devices policy would be implemented because most employees are capable of manipulating and duplicating information, and contaminated devices could result in viruses being installed on the network.
Hardware Areas That Need To Be Secured
Hardware security is vulnerability protection that comes in the form of physical devices rather than software installed on a computer's hardware. Security devices are valuable as they are mainly incorporated as an extra preventive mechanism to safeguard the hospital's network. Devices incorporated on the network mainly consist of hardware firewalls, proxy servers, and hardware security modules. In most cases, additional areas may go unnoticed; they include firmware and memory. A hardware firewall prevents malware and malicious attacks from gaining access to a computer or network through the Internet. Firewalls are regarded as a further barrier among the security mechanisms. A proxy server safeguards a system by acting as a gateway between users and the Internet.
Moreover, the servers function as a firewall or web filter that may alert the user to malicious websites that are likely to pose significant threats to the network. Hardware security modules are dedicated cryptographic processors aimed at safeguarding extremely vital and complex assets. These hardware devices are known to protect the hospital's network not only from common attacks but also from significant attacks that are likely to damage the entity's operations. These hardware security devices would mitigate the threats of endpoint, malware, and passive attacks, which may be capable of stealing vital information.
Operating System and Network File Security
Ensuring systems are patched and up-to-date is considered the most effective mechanism to avert risks and threats within the network. Integrating network vulnerability scanners with patching tools guarantees that every system would be protected and free of known security vulnerabilities. Another mechanism involves robust firewall rules that restrict ports and protocols that are not utilized or essential on the network. Operating system policies would restrict open network ports and network sharing, and guarantee a well-defined file system access control list.
According to West, Dean, and Andrews (2015), network files ought to be safeguarded by encrypting information both when stored and during processing. Systems ought to be managed by IT services to guarantee that only issued or trusted software can be installed. Network files should be accessible only over the VPN, or when the individual is situated on the premises with LAN/Wi-Fi access. Users should be limited to their corresponding section and access level, for instance, staff, administrator, or director access. Personnel should be urged to route data traffic through VPN access while on home Wi-Fi.
Data Transfer, Remote Access, and VPN Connection
To guarantee information security, an employee needs to use a safe remote access technology such as a VPN. An appropriately configured VPN prevents hospital information from being exposed to unsanctioned persons. Moreover, a VPN may safeguard personnel from tampered or unidentified Wi-Fi hotspots. To facilitate the configuration of a VPN connection, a secure hardware VPN device should be obtained. The device should be positioned at the network's perimeter, and all traffic originating from the VPN device should be inspected and passed through an extra firewall before gaining access (Priscilla, 2016). Using a secure protocol, such as OpenVPN or L2TP/IPSec, is vital in guaranteeing the connection's confidentiality. Clients and credentials should be distributed to personnel with multi-factor authentication utilizing OTP hardware tokens or push notifications. The user would then be requested to authenticate their username and password with confirmation keywords. The server would likewise need to check login locations to guarantee that there are no logins from multiple locations within a specific period and no multiple simultaneous logins.
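The server-side check described above can be sketched as follows. This is an added example, not part of the original plan: the log format, the user names, the site labels, and the 60-minute window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample VPN gateway events (format is an assumption):
# ISO timestamp, user, event, site label of the source
SAMPLE_LOG = """\
2021-06-15T08:00:00 asmith LOGIN clinic-lan
2021-06-15T08:05:00 bjones LOGIN home-vpn-a
2021-06-15T08:20:00 asmith LOGIN remote-site-x
2021-06-15T09:00:00 asmith LOGOUT clinic-lan
2021-06-15T12:00:00 bjones LOGOUT home-vpn-a
2021-06-15T12:30:00 bjones LOGIN home-vpn-b
2021-06-15T17:00:00 cwu LOGIN clinic-lan
"""

def parse(log):
    """Yield (timestamp, user, event, location) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, event, loc = line.split()
            yield datetime.fromisoformat(ts), user, event, loc

def find_violations(log, window_minutes=60):
    """Flag simultaneous sessions and logins from different locations
    that fall within window_minutes of each other (assumed policy value)."""
    window = timedelta(minutes=window_minutes)
    open_sessions = {}  # user -> set of locations with an open session
    last_login = {}     # user -> (time, location) of the previous login
    alerts = []
    for ts, user, event, loc in sorted(parse(log)):
        sessions = open_sessions.setdefault(user, set())
        if event == "LOGOUT":
            sessions.discard(loc)
            continue
        # A login while another session is still open is a concurrent login.
        if sessions:
            alerts.append((user, "concurrent", ts.isoformat()))
        # A login from a different location shortly after the last one.
        prev = last_login.get(user)
        if prev and prev[1] != loc and ts - prev[0] <= window:
            alerts.append((user, "multi-location", ts.isoformat()))
        sessions.add(loc)
        last_login[user] = (ts, loc)
    return alerts

if __name__ == "__main__":
    for alert in find_violations(SAMPLE_LOG):
        print(alert)
```

In the sample, bjones changes location more than four hours after the previous login and after logging out, so only asmith is flagged.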
A vital step in ensuring that essential data is safeguarded entails the establishment of a set of policies. Examples include adequate employee training, implementation of necessary security policies, integration of security software, and protection of the hardware. Users would be required to stay aware, whether on or off the premises, and to be conscious of the information they transmit and store. Therefore, the security framework would be tremendously valuable in averting any prospective threats.
Dean, T. (2012). Network+ guide to networks. Cengage Learning.
Musthaler, L. (2013). Best practices to mitigate DDoS attacks. NetworkWorld. https://www.networkworld.com/article/2162683/best-practices-to-mitigate-ddosattacks.html. Accessed June 15, 2021.
Priscilla, O. (2016, February 09). Cisco Press. Retrieved June 15, 2021, from https://www.ciscopress.com/articles/article.asp?p=1626588
West, J., Dean, T., & Andrews, J. (2015). Network+ guide to networks. Cengage Learning.