In the current era, the rapid growth of technology and communication, and especially the large volume of information, has led many companies and organizations to use IT systems for the management and safety of information.
The main objective of this project is to carry out a complete security assessment of the private hospital «Elpis». Firms that allocate their resources effectively to better understand the risks they face can more easily avoid “unexpected” situations and release resources for other directions and profitable activities (i.e. new investments) that they would otherwise have rejected as very dangerous. Therefore, adopting procedures that focus on Risk Analysis and Management can substantially help firms to prevent or control risky situations. Once firms have identified an efficient way to measure the relationship between their risks and rewards, they can significantly improve their current operations or find new profitable activities.
This project investigates the risks related to the security of the hospital «Elpis». Specifically, it focuses on the hospital's organization and the sources of operational risk, and provides a detailed description of the available technologies that can ensure the management and control of these risks. The hospital is located in Athens and has two other subsidiaries called «Mitera» in Chalkida. Private hospitals interchange important medical information concerning their patients. The central IT department is established in Athens and deals with various services such as patient registration data, patient diagnoses, management of medical information, other data storage, etc. The IT department in «Mitera» hospital, on the other hand, is obsolete, with limited ability to send and receive large volumes of data. Therefore, this project aims to investigate all the procedures required to ensure the integrity and confidentiality of medical information transmitted between the hospitals and the uninterrupted operation of the IT services.
«Elpis» hospital consists of five departments: the Administrative Department, the Human Resources Department, the Finance Department, the Secretariat-motion of Patient Department and the IT Department, while «Mitera» hospital is organized into two departments, the Secretariat-motion of Patient Department and the IT Department. We analyse the IT department of «Elpis» hospital, which employs the head of the IT department, a network administrator, a medical software administrator, a database administrator and an information security administrator. Our analysis reveals some rules and practices that can ensure information safety in the private hospital. We have also recognized that significant sources of risk come from the outside environment and from individuals who work in the hospital. The results of this report can be used to improve the safety of medical information and to minimize the possible risks.
Next, we present the potential technological solutions that the hospital can adopt at a total financial cost of EUR 5000. They include an Intrusion Detection System (IDS), antivirus, spyware, adware and firewall protection, implementation of RAID 5, automatic fire detection mechanisms, an emergency generator UPS, automatic air conditioning control, a user policy and a password policy.
Description of the company’s IT infrastructure
In this section, we present the organizational structure of «Elpis» and «Mitera» hospitals as well as the software part of their network. We continue our analysis using the CRAMM methodology in order to uncover the threats and weaknesses of the IT departments. Finally, we present possible solutions that can address the risks relevant to the operation of the IT department. The private hospital «Elpis» is located in Athens in a building consisting of 3 floors. On the first floor are the hospital's administration and a computer room with the IT equipment. On the second floor are the pathological and surgical clinics, the secretariat of the clinics and the medical library. The third floor accommodates the cardiology clinic, the secretariat of the clinic and the telemedicine room. All the offices on each floor are connected to the same LAN.
The organisational structure of private hospital «Elpis» is constituted by five departments:
The IT infrastructure of hospital «Elpis» consists of the servers, which run the medical application and other services and store all data; the network equipment (Ethernet switches), which connects the computer room servers and the personal computers of the hospital staff; and the firewall, which is configured by the network administrator and monitors data traffic from the hospital to the Internet according to specific criteria. Figure 1 presents the topology of the system.
Hardware of Hospital “Elpis”:
Router (1 piece): The router is a device which connects the workstations to the network of the hospital. The router connects the local network of the hospital with the Internet, using a leased line of 4 Mbps.
Firewall (1 piece): The firewall is a device or software that prevents unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are used to deter unauthorized Internet users from accessing private networks. The firewall also controls the movement of data for the region it is responsible for.
Switch (4 pieces): A switch is a hardware device used to connect different components in the same network. Switches cut unnecessary traffic and provide an affordable high-performance network. A switch can also be used to split the physical LAN into two smaller LANs, and it is used this way in the hospital network. A central switch is connected to three other switches, which connect the workstations, while another switch connects the servers.
Database Server (1 piece): The database server is a device used by one or more machines as their database. By using a database server, users in the hospital are able to manage and organize medical data.
Web Server (1 piece): A web server is a computer that allows other computers to access the files it manages, using the HTTP protocol (Hypertext Transfer Protocol). Note that the web server administrator has ultimate control of the server, unlike a simple user. The hospital uses Apache Server.
Mail Server (1 piece): A mail server is an agent that receives incoming e-mail from local users and forwards it for delivery to outbound users. A computer dedicated to running such applications is also called a mail server. The transfer of medical results from the «Mitera» hospital to the «Elpis» hospital is made via e-mail.
Backup Server (1 piece): A backup server is a way to save important medical files into one single compressed file. Its main advantages are that it is affordable and that the compressed file can be transferred onto another computer or hard drive. In addition, the backup server can administer the tape backup machine.
Tape Backup Machine (1 piece): The backup machine provides the easiest way to back up critical folders and files, allowing access to local and network directories. The disk should be replaced at regular intervals and stored in a sheltered place.
Workstation PC (50): Each office holds one or more desktop PCs, used only for internal service access and development.
Software of Hospital “Elpis”:
Microsoft Exchange Server 2003
Windows XP Professional
The «Mitera» hospital has a Secretariat-motion of Patient Department, the Pathological clinic and the IT department. Medical information (patient data, patient diagnoses, etc.) is exchanged between the hospitals by web hosting or e-mail. Communication is achieved over a 4 Mbps ADSL line. The technical characteristics (see figure 2) of «Mitera» hospital are the same as those of «Elpis» hospital.
Hardware of «Mitera» Hospital:
The members of the group will undertake the risk analysis in the Chalkis hospital. They should be trained in project risk analysis in order to fulfil their goal. Specifically, the team has the following members:
In the previous section we described the organizational and informational structure of «Elpis» and «Mitera» hospitals. We now describe the assets, which are classified into three categories: a) software assets, b) hardware assets and c) data assets.
A system can be characterized as reliable and safe when it provides: a) confidentiality: access is given only to authorized persons, who have access to important information (medical information, personal patient data); b) availability: the service that the IT facilities provide should be uninterrupted; c) integrity: the system should be ready at any time to provide any information reliably, and the information should not be changed by unauthorized persons.
The hospital manages important medical information. Thus, access to the internal network should not be free, and the communication between the hospitals should be characterized by safety and reliability.
The data assets of private hospital «Elpis» can contain the following:
In this project, we perform a risk analysis and management for two data assets, the patient files and the statistical data.
This category comprises physical assets such as equipment, facilities and buildings. We focus our analysis on hardware assets. Specifically, the hardware assets of «Elpis» hospital are the following:
We also perform a risk analysis and management for the most important hardware assets: the application server and the database server.
This category of applications contains the software that the hospital staff use for data processing. The software assets of the private hospital «Elpis» can be divided into:
DETERMINATION OF COUNTERMEASURES
The section above analysed the threats and vulnerabilities for each asset (figure 3). In this section we analyse the countermeasures which should be taken against each threat. In addition, we propose solutions and techniques relating to the physical and hardware parts as well as to the architectures and security policies. The countermeasures are proposed to such a degree that the hospital can operate in an error-tolerant manner.
Each employee will have the appropriate privileges in the system, in relation to the work he or she performs. The password policy should be changed. Users must renew their password once a month and use strong passwords. For devices that contain important medical information, the password should be changed once a week, and the rights of the user accounts should be examined by managers every two weeks. As a reference, the user policy should describe the rules that will prevent users from performing illegal operations (even accidental ones) that affect the confidentiality of data.
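The password and account-review rules above can be checked mechanically. The following is an added example, not part of the original report: it audits account records against the stated intervals, taking "once a month" as 30 days; the role names, privilege map and sample accounts are hypothetical.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Intervals from the policy above; "once a month" is taken as 30 days (assumption).
PASSWORD_MAX_AGE = timedelta(days=30)
CRITICAL_PASSWORD_MAX_AGE = timedelta(days=7)   # devices holding medical data
RIGHTS_REVIEW_MAX_AGE = timedelta(days=14)      # rights examined every two weeks
# Hypothetical role-to-privilege map; the report does not define one.
ROLE_PRIVILEGES = {
    "secretariat": frozenset({"patient_registration"}),
    "physician": frozenset({"patient_registration", "patient_diagnoses"}),
    "db_admin": frozenset({"db_maintenance"}),
}

@dataclass
class Account:
    user: str
    role: str
    privileges: frozenset
    password_changed: date
    rights_reviewed: date
    critical_device: bool = False

def audit(accounts, today):
    """Return a sorted list of (user, finding) for every policy violation."""
    findings = []
    for a in accounts:
        limit = CRITICAL_PASSWORD_MAX_AGE if a.critical_device else PASSWORD_MAX_AGE
        if today - a.password_changed > limit:
            findings.append((a.user, "password_expired"))
        if today - a.rights_reviewed > RIGHTS_REVIEW_MAX_AGE:
            findings.append((a.user, "rights_review_overdue"))
        # Least privilege: anything beyond the role's allowance is reported.
        extra = a.privileges - ROLE_PRIVILEGES.get(a.role, frozenset())
        if extra:
            findings.append((a.user, "excess_privileges:" + ",".join(sorted(extra))))
    return sorted(findings)

# Constructed sample records, not data from the hospital.
TODAY = date(2024, 3, 15)
SAMPLE = [
    Account("akostas", "secretariat", frozenset({"patient_registration"}),
            date(2024, 3, 1), date(2024, 3, 10)),
    Account("mpapas", "physician", frozenset(
        {"patient_registration", "patient_diagnoses", "db_maintenance"}),
            date(2024, 2, 1), date(2024, 3, 5)),
    Account("dbsrv01", "db_admin", frozenset({"db_maintenance"}),
            date(2024, 3, 5), date(2024, 2, 20), critical_device=True),
]

if __name__ == "__main__":
    print(*audit(SAMPLE, TODAY), sep="\n")
```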
The company should implement a backup policy in order to store important medical information (patient files) and data associated with the company (any company or personal information). Backups are essential because there is a danger of losing important data through equipment failure, external threats or human error (deliberate or accidental). The backup will be made every day, at a time when the workload of the hospital is small. A monthly backup should also be created and stored in a separate location, in case the initial copies are destroyed by a natural disaster, equipment damage or human error. The data will be stored using RAID 5, because disk prices have fallen significantly and the cost of implementing RAID 5 is now within most organizations' budgets.
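An added example (not from the original report) that checks a backup catalog against the policy above: a daily backup taken in a low-workload period plus a monthly copy stored away from the primary site. The low-load hours (01:00 to 04:59), the location labels and the catalog entries are assumptions made for illustration.

```python
from datetime import date, datetime, timedelta

LOW_LOAD_HOURS = range(1, 5)          # assumption: 01:00-04:59 is the quiet period
PRIMARY_SITE = "elpis-computer-room"  # hypothetical location label


def check_backups(catalog, start, end):
    """Check (started, kind, location) records against the policy for [start, end]."""
    daily, offsite_months = {}, set()
    for started, kind, location in catalog:
        if kind == "daily":
            daily.setdefault(started.date(), []).append(started)
        elif kind == "monthly" and location != PRIMARY_SITE:
            # Only a copy kept away from the primary site survives a site disaster.
            offsite_months.add((started.year, started.month))

    missing, outside, months = [], [], set()
    day = start
    while day <= end:
        months.add((day.year, day.month))
        runs = daily.get(day)
        if not runs:
            missing.append(day)
        elif all(r.hour not in LOW_LOAD_HOURS for r in runs):
            outside.append(day)
        day += timedelta(days=1)

    return {
        "missing_daily": missing,
        "outside_low_load": outside,
        "months_without_offsite_copy": sorted(months - offsite_months),
    }


# Constructed catalog, not real backup records.
CATALOG = [
    (datetime(2024, 1, 29, 2, 0), "daily", PRIMARY_SITE),
    (datetime(2024, 1, 30, 2, 0), "daily", PRIMARY_SITE),
    (datetime(2024, 1, 31, 11, 30), "daily", PRIMARY_SITE),     # ran during working hours
    (datetime(2024, 1, 31, 3, 0), "monthly", "chalkida-vault"),  # stored off site
    (datetime(2024, 2, 2, 2, 0), "daily", PRIMARY_SITE),
    (datetime(2024, 2, 2, 4, 0), "monthly", PRIMARY_SITE),       # not a separate location
]

if __name__ == "__main__":
    report = check_backups(CATALOG, date(2024, 1, 29), date(2024, 2, 2))
    for name, items in report.items():
        print(name, items)
```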
One measure that must be taken is the installation of an emergency generator UPS, which will ensure continuous operation of the IT equipment even if problems arise at the central UPS. An emergency generator UPS should also be connected to the cooling system of the computer room.
In the computer room there is a simple cooling system which may not ensure the proper operation of the IT systems. The most effective measure is the installation of a complete cooling system with automatic air conditioning control, with the aim of minimizing the risk of a sudden increase in temperature.
Confidentiality and data integrity are an important part of the hospital. The installation of an IDS device provides control of the network and detection of intrusions, which can come from either inside or outside the hospital, and detects violations of security policies. An IDS can also produce reports on these events.
In addition, a measure that must be taken is the installation of complete fire protection equipment in all spaces of the hospital (patient rooms, offices, computer room). The fire system will be able to detect smoke or fire and, more generally, a change in temperature. In case of emergency it will also provide a telephone connection to the local fire station and the police.
The education and training of hospital members in safety, confidentiality and organisation issues should take place every 2 months. In this way, hospital members acquire a sense of personal responsibility and the necessary skills.
Finally, software applications should be installed to protect the hospital network from malicious programs. The antivirus/spyware program will be installed on a server so that it automatically installs and updates the antivirus programs on each workstation.
The main objective of this report was to evaluate safety in the private hospital «Elpis» with the method of risk analysis. The hospital has implemented some measures for the correct and safe operation of hardware and software, but these measures do not cover many of the threats.
The most important properties that the hospital should provide are the confidentiality, integrity and availability of data. These properties should be applied to a greater degree in the user policy and the security policy. Specific technologies should also be implemented to ensure the proper functioning of the hospital. Access to sensitive patient information and medical research should be specifically protected from unauthorized persons. Finally, equipment was suggested to help in case of emergency.