Scenario- Superior Health Care System Inc.
The management at Superior Health Care System Incorporated recently purchased several new facilities including the central patient information management center. This purchase will have a serious impact on the network and information services department and will include the following changes to the organization's operation:
1. The organization will now be responsible for all information assurance. In the past, these responsibilities were contracted out or under the administration of partner organizations.
2. The organization's Network and Information Technologies Services will now have to prepare for and undergo an annual audit and accreditation process as a new member of the East-West Health Providers Association to insure compliance with IPAA Privacy and Security Accreditation standards.
3. Several of the organization's data centers will be consolidated into one central facility in an effort to save costs and improve information assurance.
4. Current staff must be trained and obtain industry certifications in order to compete for new and existing positions within the organization.
DS-SC-04/14 SAT-ICANWK601A V1.1
RTO Provider Code: 91151
CRICOS Provider Code: 02668F Page 8 of 8
A strategic planning team will be established to identify the process and evaluate the progress and success of the transition. The team has identified twelve major initiatives to
provide a framework and sequence for the transition:
1. A complete audit of existing resources, equipment and assets including personal, systems, facilities and contracted services.
2. A comprehensive risk analysis and assessment.
3. Review and development of all information security policies, standards, procedures and guidelines.
4. Review and implementation of a new comprehensive design for authentication, authorization and auditing.
5. Review and implementation of new network perimeter security.
6. Review and implementation of new network IDS and IPS systems.
7. Review and implementation of new end point security throughout the organization.
8. Review and implementation of new cryptographic systems and technologies.
9. Review and implementation of a new design for a comprehensive Virtual Private Networks infrastructure.
10. Development of a comprehensive education, training and security awareness programs.
Tasks:
As a member of the Network Security group, you have been asked to serve on the committee and to take the initiative in the following:
1. Describe the major network security organizations.
2. Identify risks, threats, vulnerabilities and countermeasures
3. Identify security organizations that influence and shape network security