
Instructions Dr. Brooks works at two different medical offices (MO1 and MO2). He


Question

Instructions

Dr. Brooks works at two different medical offices (MO1 and MO2). He demands access to patient information from both locations at any time. He wants to use his personal laptop to access the EHR and resources for both offices. Dr. Brooks uses any free internet connection he has access to while at cafés or fast food restaurants to enter/update patient's data into the EHR system instead of doing it in the office. Surfing the internet (news) and checking email, both personal and business, is part of his daily routine. He does understand security and HIPAA; he is concerned about being hacked while using free public WiFi given all the recent news stories about hackers. Dr. Brooks wants the easiest and most secure method to access information daily but does not want to sacrifice patient confidentiality to meet his needs.

Two members from the IT department Helpdesk have developed a possible solution and given it to Dr. Brooks for his approval. You have been called by Dr. Brooks to provide your input (as an Information Security Analyst). He trusts your opinion and wants you to provide some insight into the solution below.

Dr. Brooks will have a network account for each Active Directory domain for each office (MO1 and MO2), and a VPN will be provided for him to log into each of the offices when needed. He can access network resources for both offices via batch file. The batch files will be placed on the desktop and labeled with each office name. The details on how Dr. Brooks is to change his password, log into the VPN, and update the batch file with his current password will also be placed on the desktop for his review.

1. Apply the CIA Triad to the solution above, explaining where on a scale from 1 (lowest level) to 10 (highest level) each falls. For example: Confidentiality 4, Integrity 8, Availability 2. You must explain your number.

2. Develop a visual way to show the Triad for this solution. List all the pros & cons you can discover.

3. Develop a solution/plan to secure Dr. Brooks's laptop from the knowledge you have learned in this course to help Dr. Brooks meet his needs. Justify your answer. Develop a visual way to show the Triad for your solution/plan.

Explanation / Answer

1.

(a) Confidentiality: 2 - Since Dr. Brooks is using public WiFi to access the patient details at a restaurant, the rate of maintaining confidentiality is very low, as information on the laptop will be easily visible.

(b) Integrity: 8 - Dr. Brooks wants to maintain the highest integrity of securing the information though he is browsing the information through public WiFi.

(c) Availability: 5 - Dr. Brooks wants the information to be accessible every time he tries to access it through the internet. However, the chances of internet access availability depend on the strength of the WiFi network. The rate of availability might reach 50% when considering the strength of WiFi network access as low (since it's a wireless network).

2. Dr. Brooks has to follow a set of protocols to ensure the patient details are accessed through a secured medium. VPN is considered to be one of the best solutions to access the information through a private communication channel. Like many others, the proposed solution also has some pros and cons.

Pros:

1. The rate of securing the information is high.

2. The information is very well grouped as batch files and presented to users in a secured format.

3. The rate of availability of the information is high as VPN defines a private channel for the access of the information.

Cons:

1. The users need to have a good memory for the password to access the information stored through the VPN channel.

2. The VPN device and password might get compromised with users if sufficient security measures are not taken to protect them.

3. The following plan should be developed in order to ensure the security of Dr. Brooks's laptop:

a. Dr. Brooks should define a weekly schedule for performing his activity from public places.

b. Dr. Brooks should ensure the safety of physical devices like laptops and VPN devices when accessing them in public places.

c. Dr. Brooks should always ensure that his physical devices and software assets are password protected.

d. Dr. Brooks should perform his activity in a safe environment in order to comply with the CIA rules appropriately all the time.

e. The physical devices should be designed to be used according to the security policies and guidelines of the organisation.

f. The availability of a good WiFi network will help Dr. Brooks complete his activities on time.

g. After completion of activities, Dr. Brooks should ensure he closes/shuts down his physical devices from the data security point of view.
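
The proposed solution in the question has Dr. Brooks update desktop batch files with his current password, which weighs on the confidentiality rating. As an added example (not part of the original question or answer), this Python check flags batch-file lines that carry an inline password, assuming the files map shares with `net use`; the host, share and account names in the sample are constructed.

```python
# Added example: audit batch files for passwords typed directly into `net use`.
# Assumption: the helpdesk batch files map office shares with `net use`.
# `net use` accepts the password as a positional token after the share;
# `*` means "prompt at run time", and no token means cached or current credentials.

# Constructed sample content, not taken from any real batch file.
SAMPLE_BATCH = r"""@echo off
rem Map MO1 and MO2 resources
net use Z: \\mo1-fs\charts ExamplePassw0rd! /user:MO1\dbrooks /persistent:no
net use Y: \\mo2-fs\charts * /user:MO2\dbrooks
net use X: \\mo2-fs\forms /user:MO2\dbrooks
"""


def find_inline_credentials(batch_text):
    """Return (line_no, share, user) for each `net use` line with a stored password."""
    findings = []
    for line_no, raw in enumerate(batch_text.splitlines(), start=1):
        tokens = raw.strip().lstrip("@").split()
        if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["net", "use"]:
            continue
        share = user = None
        after_share = []  # positional tokens following the UNC path
        for tok in tokens[2:]:
            if tok.lower().startswith("/user:"):
                user = tok[len("/user:"):]
            elif tok.startswith("/"):
                continue  # other switches such as /persistent:no
            elif tok.startswith("\\\\"):
                share = tok
            elif share is not None:
                after_share.append(tok)
        # Anything other than `*` in the password slot is a stored secret.
        if any(tok != "*" for tok in after_share):
            findings.append((line_no, share, user))
    return findings


if __name__ == "__main__":
    # The password itself is never printed, only where it was found.
    for line_no, share, user in find_inline_credentials(SAMPLE_BATCH):
        print(f"line {line_no}: inline password for {user} on {share}")
```
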