The Henry Ford Health System (HFHS) is a non-profit, integrated medical system in Metro Detroit. The commercial headquarters are located at One Ford Place in Midtown Detroit, Michigan. Henry Ford founded the health system in 1915; it has a 17-member governing board. Henry Ford Health System also owns Health Alliance Plan, a health insurance company. The decision to work with the Henry Ford Health System was partly influenced by its status as a renowned firm in the health industry and by recent changes in Cyber Security and Assurance Standards, which have led to an increase in service requests to Henry Ford Health System. The Henry Ford Health System must ensure that it adheres to the guidelines specified in the “improving critical infrastructure cybersecurity” law.
Main Business Problems and Goals
The fundamental vision of Henry Ford’s IT Security department is to develop an enterprise-wide, risk-based IT Security program that ensures the protection of IT resources, reputation, and details through preemptive alignment with Henry Ford’s business strategy. This department’s primary objective is to “protect the trust,” which is split into three parts: infrastructure protection; patient data and distribution system defense; and Internet Protocol (IP) and data protection. Infrastructure protection goals include network security, PC and server safety, anti-virus programs, supervision, and efficient vulnerability analysis. The second part’s responsibilities include securing web-based applications, e-Messaging, information sharing, and promoting individual information and understanding.
Decision Makers and Stakeholders
The organization’s project administrators and system managers should be the key stakeholders. The project managers should collaborate to develop requirements and decide the information collection phases. There is a potential issue when attempting to establish system requirements during the data gathering process. At the start of the gathering process for a new project management information system, one of the most difficult problems one will face is prioritizing attributes among the various stakeholder groups in the institution (Hayslip, 2018). The primary objective ought to be to guarantee that new systems provide the organization’s project administrators with all of the information required to make sound choices in a precise, responsive, and significant way.
Project Timeline and Outline
This project is set to begin on March 1, 2022, and is expected to be completed by February 16, 2023. Each phase will last between 21 and 60 days, with breaks for unforeseen events and holidays, for a total estimated time of 345 days. The timeline is subject to change and is dependent on budget authorizations from the institution’s founding members.
Roles of Availability, Confidentiality, Authentication, and Integrity
Within this scope, we will evaluate Henry Ford Health System’s current security measures to see if they adhere to the CIA Triad’s minimum fundamental rules and other standards. CIA is an acronym for Confidentiality, Integrity, and Availability. This model is intended to guide policies for an organization’s Information Security requirements.
In network security, confidentiality is used to define and enforce information and data access levels. A company phone directory would be on the lower end of the confidentiality risk spectrum. In contrast, a worker file containing wages, banking, liens, and other details not generally shared with unauthorized persons would be higher.
Integrity in security refers to the ability to prevent data from being modified or altered in an unauthorized or detrimental manner. Integrity is compromised if information is omitted, or if an email is altered by someone outside the institution posing as someone inside the organization. IT security oversees the release management for encrypted communications and the leadership of supporting documentation, retention prerequisites, and version control of data security files.
The ability to access data when needed is referred to as data availability. This concept is best demonstrated by meticulously preserving all hardware, conducting hardware repairs as soon as required, and retaining an efficiently functioning operating system environment free of software conflicts.
Authentication is the act of deciding whether or not someone or something is who or what they claim to be. Multiple authentication protocols are used in the Henry Ford Health System. This procedure includes the electronic transmission of remote access cards (RACs). A standard login process is initiated, followed by alphanumeric character configurations. These characters are drawn from the person’s or owner’s RAC.
Hayslip, G. (2018). Nine policies and procedures you need to know about if you’re starting a new security program. Retrieved from https://www.csoonline.com/article/3263738/data-protection/9-policies