Report should detail, 5-6Pages(diagrams do not count towards page count) APA format with in text citations and reference page.

Scenario:

Today’s health care systems incorporate databases for more effective and efficient management of patient health care. The databases are prone to cyberattack and must be designed and built with security controls from the beginning of the life cycle. Though much can be accomplished hardening the database earliest in the life cycle, much of the security is added after the fact, forcing hospital and healthcare IT professionals to try to catch up to the threats. It is becoming more critical that database security requirements are defined at the requirements stage of acquisition and procurement. Through specific security requirements and testing and sharing of test and remediation data, system security engineers and other acquisition personnel can collaborate more effectively with vendors wishing to fulfill and build health care database systems.

 

·         As the liaison between your hospital and potential vendors, it is your duty to provide vendors with an overview of your organization.

·         Discuss the types of data that may be stored in the system, and discuss the importance of keeping this data secure.

·         Provide the security concepts and concerns for databases. As a standard, the database with the information for medical personnel and emergency responders needs to identify at least three, no more than five, security assurance and security functional requirements of the database.

 

Trivedi, D., Zavarsky, P. &Butakov, S. (2016). Enhancing relational database security by metadata segregation.ScienceDirect, Vol. 94. Retrieved from  http://ac.els-cdn.com/S1877050916318208/1-s2.0-S1877050916318208-main.pdf?_tid=480c35ae-a161-11e6-a664-00000aab0f01&acdnat=1478135167_7bd287eb942d2056a92b63c754097bcf

 

These standards will serve additionally as metrics of security performance to measure the security processes incorporated in the product. To prepare, read the following resources:

v  Database Models

v  Common Criteria (CC) for information technology security evaluation

Caplan, K., & Sanders, J. (1999).Building an international security standard. IT Professional, 1(2), 29-34. doi:10.1109/6294.774938United States Computer Emergency Readiness Team (US-CERT). (2013). The common criteria. The United States Computer Emergency Readiness Team. Retrieved from  https://www.us-cert.gov/bsi/articles/best-practices/requirements-engineering/the-common-criteria.

 

v  evaluated assurance levels (EALs)

Mead, N. (2013). The Common Criteria. Retrieved from  https://www.us-cert.gov/bsi/articles/best-practices/requirements-engineering/the-common-criteria.

 

v  continuity of service

Ready Business Campaign.(n.d). Business continuity plan.Ready campaign. Retrieved from  https://www.ready.gov/business/implementation/continuity.

 

·         Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks.

Describe Defense Models

·         As the contracting officer's technical representative (COTR), you can provide an approximate timeline for delivery since the networking environment will have numerous users and classes of access to be granted.

·         Provide requirements for the vendor to state its overall strategy for defensive principles.

·         Explain the importance of understanding these principles. To further your understanding, click the link and read about defensive principles.

 

Explain how it relates to the defensive principles. The network domains should be at different security levels and have different accesses, as well as different read and write permissions using non-members of the enclave to taint access to resources and information in the enclave, or vice versa. Look at:

v  Defensive principles

Cisco.(n.d.). Principles of secure network design. LearnCisco. Retrieved from  http://www.learncisco.net/courses/iins/common-security-threats/security-architecture-design-guidelines.html.

 

McGaw, G. (2013). Thirteen principles to ensure enterprise system security.TechTarget. Retrieved from  http://searchsecurity.techtarget.com/opinion/Thirteen-principles-to-ensure-enterprise-system-security.

 

v  enclave/computing environment

Mikkelsen, S., & Jacobsen, R. (2016).Securing the home energy management platform. Retrieved from  http://cdn.intechopen.com/pdfs-wm/50458.pdf.

 

v  cyber operations in DoD policy and plans

Department of Defense (DoD). (2015). The DoD cyber strategy. Retrieved from  http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf.

 

 

·         In the enclave computing environment, define enclave boundary defense and include enclave firewalls separating databases and networks. This can be fictional or modeled after an existing model, using your IEEE standard citation format.

·          Define the different environments you expect the databases to be working in and the security policies applicable.