A. Security Faults
Describe three of the security faults in this scenario that caused a security breach.
1. Some accounts existed before the electronic health record(EHR) was deployed. Important steps were missed during the import of old accounts. I suggest using a clean base line for the brand new EHR system. Users should not be able to have administrator rights without a manager innerving. The security risk that is being violated is called least privilege. This makes a hacker job easy. I can solve your new user policy.
2. Remote access need to be safer. A wide open remote access to the EHR system is very dangerous. A VPN should be put in place to control which accounts have remote access to the system. You will also have to connect to a secure network to access …show more content…
Not updating and patching a system regularly can have serve consequences. OS updates could introduce new vulnerabilities. All this need to be kept track of. I can solve this problem with a logging and auditing policy.
B. Policy Statements
After researching the national and international standards, create three policy statements that apply to the entire organization, comply with a national or international standard, and might have prevented the security breaches identified in part A.
1. New user policy:
Some of the user accounts were not implemented to the new system.
• New accounts passwords will be: HealthRecord18
• New users will be trained on how to protect their password before the account is created
• New users will also have password with at least 14 characters
• Active directory will pull new employees into the EHR overnight
2. Remote access policy:
A VPN is a major need for the remote access policy.
• VPN will not be issued to interns
• You must can to a secure network to use the VPN
• You can not access the internal network from public wifi
• Mangers will control who has VPN access
3. Logging and auditing policy:
Monitoring changes is why we need a logging