Question
(This was all the information provided to me)
Objectives:
- Apply the basic security principles
- Identify threats to security and design countermeasures
- Conduct risk assessments
Tasks:
Imagine that you are working as an information security officer at Greenhills kidney dialysis unit. The site has dialysis machines in one facility with three remote facilities connected to the dialysis machines via an Internet link. You need to assess the current information security and propose improvements.
Assume that you have identified 7 threats to security of protected health information as:
T1: Alteration: Someone might be able to modify patient information stored in any of the computers either by accident or maliciously.
T2: Input error: Entering information manually is error prone, but most data are automatically entered from monitoring equipment.
T3: Software failure: Software could malfunction.
T4: Data interception: Data is intercepted in transit between devices and computers.
T5: Password management problems.
T6: Unauthorized building access at off-site archive.
T7: Inadequate system access control procedures.
You have proposed 7 countermeasures to reduce the above threats to security.
C1: Increase security awareness training for all staff.
C2: Use of encryption during transfer between devices
C3: Control access to telemedicine application
C4: Enforce password management practice.
C5: Install virus protection software
C6: Better access control for off-site archive
C7: Upgrade to new operating system
Now do the following tasks:
- Provide a plausible expected loss and frequency for each threat. A threat may have a frequency of occurrence. Expected loss refers to a threat's potential for damage. Both these features may have a value of low, medium or high.
- Based on Step 1, find a severity of threat based on the table of severity of threats.
Table 1. Severity of threats

| Expected loss \ Frequency | Low | Medium | High |
|---|---|---|---|
| Low | 1 | 2 | 3 |
| Medium | 2 | 4 | 6 |
| High | 3 | 6 | 9 |
- Estimate:
  - The cost of each countermeasure (along with a one-sentence explanation of why that cost). Costs are ranked on a scale of 1 to 7 where 1 is the least expensive and 7 is the most expensive.
  - The percent reduction of a countermeasure for each threat (from 0 to 100%).
- Then complete an analysis of countermeasures table (see a template below) by entering the relevant preceding values into it and computing the:
  - Total severity reduction. To determine a countermeasure's overall contribution to severity reduction, one simply adds together its impact on each individual threat.
  - Cost/benefit ratio. The overall cost/benefit value of a countermeasure is its cost divided by its total severity reduction.
- Finally, using a cutoff of 0.6, say what countermeasures should be implemented. (Hint: countermeasures whose cost-benefit ratio is below the cut-off should be implemented.)
- Compile your answers and submit a Word file to Blackboard.
Table 2. Analysis of countermeasures (countermeasures versus threats)

| Threats | Severity | C1 | C2 | C3 | C4 | C5 | C6 | C7 |
|---|---|---|---|---|---|---|---|---|
| T1 | | | | | | | | |
| T2 | | | | | | | | |
| T3 | | | | | | | | |
| T4 | | | | | | | | |
| T5 | | | | | | | | |
| T6 | | | | | | | | |
| T7 | | | | | | | | |
| Total severity of reduction | | | | | | | | |
| Cost of countermeasures | | | | | | | | |
| Cost/benefit | | | | | | | | |
| Implement? Y/N | | | | | | | | |
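The arithmetic behind Table 1 and Table 2, as an added example that is not part of the original assignment or an answer to it. It assumes a countermeasure's impact on a threat is that threat's severity multiplied by the percent reduction; every loss, frequency, cost and percentage in the sample input is constructed for illustration.

```python
# Added example: the sample ratings below are constructed, not an answer key.
LEVEL = {"low": 1, "medium": 2, "high": 3}
CUTOFF = 0.6  # cut-off given in the task statement


def severity(expected_loss, frequency):
    """Table 1: severity is the product of the two ordinal levels (1..9)."""
    return LEVEL[expected_loss] * LEVEL[frequency]


def analyse(threats, countermeasures, cutoff=CUTOFF):
    """Build the bottom rows of Table 2 for each countermeasure.

    threats:         {threat: (expected_loss, frequency)}
    countermeasures: {name: (cost 1..7, {threat: percent reduction 0..100})}
    Assumption: impact on a threat = severity * percent / 100.
    """
    sev = {t: severity(*rating) for t, rating in threats.items()}
    table = {}
    for name, (cost, reductions) in countermeasures.items():
        for threat, pct in reductions.items():
            if threat not in sev or not 0 <= pct <= 100:
                raise ValueError(f"{name}: bad entry {threat}={pct}")
        total = sum(sev[t] * pct / 100 for t, pct in reductions.items())
        # A countermeasure that reduces nothing has no finite ratio,
        # so it can never fall below the cut-off.
        ratio = cost / total if total > 0 else float("inf")
        table[name] = {"total_reduction": total, "cost": cost,
                       "ratio": ratio, "implement": ratio < cutoff}
    return table


# Constructed sample ratings for three of the seven threats.
THREATS = {
    "T4": ("high", "medium"),   # data interception, severity 6
    "T5": ("medium", "high"),   # password management, severity 6
    "T6": ("high", "low"),      # off-site archive access, severity 3
}
# Constructed costs and percent reductions for four countermeasures.
COUNTERMEASURES = {
    "C2": (3, {"T4": 90}),
    "C4": (2, {"T5": 75}),
    "C6": (5, {"T6": 80}),
    "C7": (7, {}),              # reduces none of the rated threats
}
RESULT = analyse(THREATS, COUNTERMEASURES)

if __name__ == "__main__":
    for name, row in RESULT.items():
        print(name, row)
```
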