Question
Introduction
Employing the Internet's cheap connectivity presents both opportunities and challenges for businesses. The challenges include an organization's security and compliance while allowing remote access to the employees.
In many businesses, administrators, staff, and, in some cases, customers are granted remote access into the organization's protected, private Local Area Network (LAN). This introduces not only the same risks inherent with authenticated users on the local network but additional risks by granting local access to users from the Internet's open network.
In this lab, you will identify the risks and threats commonly found in the Remote Access Domain, and you will define the scope of a remote access policy as it relates to the Remote Access Domain. You will mitigate the risks and threats found in the Remote Access Domain, and you will create a remote access policy that incorporates a policy statement, standards, procedures, and guidelines.
Learning Objectives
Upon completing this lab, you will be able to:
Define the scope of a remote access policy as it relates to the Remote Access Domain.
Identify the key elements of a remote access policy within an organization as part of an overall security management framework.
Align the remote access policy with the organization's goals for compliance.
Identify proper security controls and countermeasures for risks and threats found within the Remote Access Domain as defined in the remote access policy definition.
Create a remote access policy definition incorporating a policy statement, standards, procedures, and guidelines.
Hands-on Steps
1. Create a policy template for XYZ Healthcare and answer the Assessment worksheet questions.
2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
3. On your local computer, open a new Internet browser window.
4. In the address box of your Internet browser, type the following URLs and press Enter to open the Web sites to review the sample remote access policy documents:
SANS Institute: Remote Access Policy template - https://www.sans.org/security-resources/policies/network-security/pdf/remote-access-policy
SANS Institute: Remote Access Tools Policy template - https://www.sans.org/security-resources/policies/network-security/pdf/remote-access-tools-policy
UNC School of Medicine Remote Access Policy - https://www.med.unc.edu/security/hipaa/documents/SOM%20Remote%20Access%20Policy%202009%20Final.pdf
HIPAA Security Rule Remote Use - https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf
5. Review the following characteristics of the mock XYZ Health Care Provider:
Regional XYZ Health Care Provider has multiple, remote health care branches and locations throughout the region.
Online access to patients' medical records through the public Internet is required for remote nurses and hospices providing in-home medical services.
Online access to patients' medical records from remote clinics is done through a Secure Sockets Layer Virtual Private Network (SSL VPN) secure Web application front-end through the public Internet.
The organization wants to be in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and IT security best practices regarding remote access through the public Internet in the Remote Access Domain.
The organization wants to monitor and control the use of remote access by implementing system logging and VPN connections.
The organization wants to implement a security awareness training policy mandating that all new hires and existing employees obtain remote access security training. Policy definition to include HIPAA and electronic protected health information (ePHI) security requirements and a mandate for annual security awareness training for all remote or mobile employees.
8. Using the following template, create an organization-wide remote access policy for the XYZ Health Care Provider (no more than 2 to 3 pages).
XYZ Health Care Provider
Remote Access Policy for Remote Workers & Medical Clinics
Policy Statement
(Insert Policy language here)
Purpose/Objectives
(Insert the policy's purpose as well as its objectives; use a bulleted list of the policy definition)
Scope
(Define this policy's scope and whom it covers.
Which of the seven domains of a typical IT infrastructure are impacted?
What elements, IT assets, or organization-owned assets are within the scope of this policy?)
Standards
(Does this policy point to any hardware, software, or configuration standards? If so, list them here, and explain the relationship of this policy to these standards. In this case, Remote Access Domain standards should be referenced, such as encryption standards and SSL VPN standards; make any necessary assumptions.)
Procedures
(Explain how you intend to implement this policy organization wide and how you intend to deliver the annual or ongoing security awareness training for remote workers and mobile employees.)
Guidelines
(Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.)