As a security system engineer at a military hospital I am creating a request for proposal to
Question:
As a security system engineer at a military hospital I am creating a request for proposal to be presented to several potential vendors that will compete to build and provide database security for the hospital. I will need to determine the technical and security specifications for the system. As well as provide evaluation standards that will be used in rating the vendor's performance.
1.) Which departments within a hospital will use the Security Concerns to All relational database management system (RDBMS), and for what purposes would they need to use them?
2.) What types of data may be stored in the RDBMS and what is the importance of keeping the data being stored?
3.) Please explain attributes of a hospitals database and the environment in which it operates.
4.) Please explain error handling and information leakage, insecure handling, cross-site scripting (XSS/CSRF) flaws, SQL injections, insecure configuration management, authentication (with a focus on broken authentication), and access control (with a focus on authentication).
5.) What are three security assurance and security functional requirements for a hospitals database that contain information for medical personnel and emergency responders?