
Case: Clinic staff log on to the MHC-PMS with a username and password. The syste


Question

Case: Clinic staff log on to the MHC-PMS with a username and password. The system requires passwords to be at least eight letters long but allows any password to be set without further checking. A criminal finds out that a well-paid sports star is receiving treatment for mental health problems. He would like to gain illegal access to information in this system so that he can blackmail the star.

Task 1: For the above MHC-PMS case, suggest an example of an asset, exposure, vulnerability, attack, threat, and control.

Task 2: Assess the risks associated with that system and propose two system requirements that might reduce these risks.

Explanation / Answer

Case Study:-

Firstly, let's discuss the basic definitions of the terms involved in information security, the concept of CIA, and the case study of the given scenario.

Asset :- Any confidential, private information w.r.t. user, network or organisation is an asset that needs to be safeguarded against malware, hackers and intruders.

Vulnerability :- This is the possibility of having back doors in software or hardware which can be exploited by hackers in order to cause harm to an asset.

Attack :- The activity performed by intruders in order to attain secure information using any methodology, like brute force etc.

Threat :- Any probability of a vulnerability being exploited by an attacker is a Threat.

CIA :- Confidentiality, Integrity, Availability are the key pillars of Information Security.

Basic understanding of CIA :-

C ===== Information should be accessible only to personnel who are authorized to access it.

I ====== Information should be received in its integral form without being tampered with by any third party.

A ===== Information should be available at the time of requirement.

Moving on to the actual problem asked here,

Task 1: With respect to the given scenario, examples of the different terms mentioned above are:

asset ---- Medical information about the sports star's mental health

exposure --- Any software error caused to MHC-PMS systems

vulnerability --- The security breaches that can be present in software and hardware used by MHC-PMS to maintain patient's records

attack ---- criminal trying to breach the software to attain the sports person's password

threat ---- criminal is a threat here

Task 2 : Risks involved in the mentioned case

1---- Criminal could attain all the patient's information by hacking the password

2---- The user's medical information can be used in wrong ways by the criminal

System Requirements to reduce the risks :-

* Increasing the password difficulty by mandating special characters etc.

* Logon audit requirements must be sourced from the Authentication Key Strengths Standard.

* Maintain updated software and hardware, and always run security scans to be aware of vulnerabilities.
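
As an added example (not part of the original answer, and not MHC-PMS code), this sketch puts the length-only check from the case beside a stricter check that implements the first requirement above. It goes slightly beyond the answer by also rejecting common passwords and passwords containing the username; the function names, the deny-list and the sample accounts are all constructed for illustration.

```python
import re

# Constructed sample deny-list; a real deployment would load a large list
# of common and previously breached passwords.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein", "iloveyou"}

REQUIRED_CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def weak_policy(password):
    """The check described in the case: length only, nothing else."""
    return len(password) >= 8

def check_password(username, password, min_length=8):
    """Return the reasons a password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    lowered = password.lower()
    # Strip trailing digits/symbols so "Password1!" is still matched as "password".
    base = re.sub(r"[^a-z]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("common or easily guessed password")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if re.search(r"(.)\1{3,}", password):
        problems.append("four or more identical characters in a row")
    return problems

if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for user, pw in [("nurse01", "password"), ("nurse01", "Password1!"),
                     ("jsmith", "Jsmith#2024x"), ("nurse01", "Tr4m-Lantern-Quiet")]:
        print(user, repr(pw), "old check:", weak_policy(pw),
              "new check:", check_password(user, pw) or "accepted")
```

Note that "Password1!" satisfies every character-class rule and is rejected only by the deny-list, which is why a special-character requirement on its own does not close the gap described in the case.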