Subject: Development of a Proper Mitigation Framework for Network Security Risks

Name:

Tutor:

Course:

Date:

Writing in the Professions

Project Proposal

Letter of Transmittal

To: General Manager, Howard University Hospital

From: Systems Researcher

Subject: Development of a Proper Mitigation Framework for Network Security Risks

Date: 2016, February 5

Dear Sir/Madam,

Howard University Hospital has been at the forefront of providing quality healthcare services to campus students as well as individuals based in the Washington area. However, the organization has been subject to risks associated with cybercrime. With most organizations focusing on the implementation of technology for reasons aimed at achieving a competitive edge, Howard University Hospital is no exception. Despite this, the center has encountered threats imposed on its network hence resulting in the loss of clients and the mismanagement of significant information. In this respect, the proposal concentrates on the development of a mitigation plan that secures the organization’s network from threats associated with computer-based crime. The implementation of this plan may assist Howard University Hospital in network security.

Sincerely,

Systems Researcher

Development of a Proper Mitigation Framework for Network Security Risks

Name:

Disclaimer

I developed this feasibility study for an assignment in RPW300 Writing in the Professions at Saginaw Valley State University. Visuals and other materials included are cited properly and subject to fair use exemptions for intellectual property.

Executive Summary

The main aim of the study involves the recognition of network security processes that may be effective in safeguarding Howard University Hospital from threats associated with cyber security. Accordingly, the respective research will focus on the development of an appropriate mitigation and response framework for the organization in question. Even though the notion seems fit for the situation, it is still imperative to ensure that the plan is capable of yielding productivity in future. In the end, the Howard University Hospital is a business organization. As such, it requires a network security plan that will mitigate threats and risks associated with cyber crime. Furthermore, the mitigation and response framework will abide by the organization’s going concern by being self-reliant, particularly in updating its information resources.

Introduction

Mitigation plans based on the implementation of network security allow organizations to gain protection against instances of cyber crime. As long as any organization possesses an internet connection, it is impossible to avoid the risks that will affect the entity’s network architecture. In this respect, the study will focus on the history of the current issue affecting Howard University Hospital. Understanding the history of the problem will be significant in figuring out the gravity of the concern at hand. Following this, the study will concentrate on the investigation of the affective problem as well as its implications on the institution. The proposed investigation procedure will comprise a considerable aspect of the research since it will determine the culminating solution and further comprehension of problem in respect to the context of the organization. Lastly, the study will provide a lasting resolution that will be appropriate in mitigating the impending situation affecting the organization in question.

Problem History

Over the last few years, Howard University Hospital has experienced a range of events and occurrences related specifically to cybercrime. Recently, the organization faced an information breach comprising organized theft and transactions comprising the vending of imperative personal information belonging to patients such as Medicare identification figures. Adding on, the organization encountered burglary associated with the need to acquire important data via the theft of the firm contractor’s laptop. The respective item was imperative to the center since it possessed imperative records for nearly 34000 patients. Seemingly related to the incidents, an employee faced charges for contravening the Health Insurance Portability and Accountability Act (HIPAA) in respect to allegations asserted by federal prosecutors. Apparently, the worker used his position as a surgery technician to engage in unlawful divulgence of private health information for profitability. Even though the center issued coverage for the possibility of identity theft, important data such as the patients’ addresses, social security numbers, and Medicare numbers, was compromised. 

Proposed Investigation Process

Investigating the problem affecting Howard University Hospital requires possessing an understanding of the elements that constitute breach of information. Usually, a data breach comprises the inadvertent or deliberate divulgence of secured information to unlawful parties (Choo 722). Having knowledge of this particular information will localize the investigation process and limit it to the respective problem. Aside from this, the investigation process will also focus on verifying the type of individuals that seek this information through a face-to-face interview. Based on this, determining this will also comprise understanding whether such individuals will gain any incentives from this act. Since most cases of data breach are linked to financial incentives, then the process may be further localized to stakeholders within the center that may benefit from the sale of personal information to external parties. In other cases, it would still be important to be aware of other motivations that may influence the respective problem. Using both aspects will be strategic in determining the cause of the problem and the solution appropriate for dealing with such situations.

Project Timeline

Activity	Time Taken	Milestone Completed
Research on the topic of data breach in respect to network security	3 to 4 days	Localized investigation process
Verification of possible stakeholders via face-to-face interviews	6 to 7 days	Completion of a focus-based questionnaire process
Limiting process to specific stakeholders	1 to 2 days	Recruitment of important  workplace personnel for investigation process
Summation	10 to 13 days

Proposal Budget

In this case, the study will not require extensive utilization of resources. As such, the costs that may arise will be diminutive for the organization.

Resource	Cost
Writing materials for research	$10
Portable camera for face-to-face interviews	$25
Purchase of materials for research, particularly literature on network security and architecture	$50

Project Personnel

The proposed study will mainly comprise the data collector. Further assistance will be provided by specific members of the organization’s management. The gathering of information from employees will be imperative in determining possible suspects as the data collector. Based on such data, my task will also involve determining individuals that may be possibly connected to the breach of data in the organization. After this, a special committee comprised of 3 members of the management will take part in questioning the suspected stakeholders that I have presented to them.

Conclusion

To this end, the proposed study will concentrate on determining the causes of the problem that has been affecting Howard University Hospital over the last few years. Accordingly, the organization has been a victim of data breach, which has led to the dissemination of private information belonging to patients. Following this, the study proposes an investigation of the firm’s stakeholders, particularly employees, since they stand to gain if such actions are based on financial incentives. The respective plan presents the best course of action for the problem since it focuses specifically on the organization’s internal environment hence attacking the problem from the inside. Furthermore, focusing on the center’s internal stakeholders may drastically limit further instances of data breach from taking place in future.

Feasibility Study

Memo of Transmittal

To: General Manager, Howard University Hospital

From: Systems Researcher

Subject: Providing Solutions for Resolving Mismanagement of Information

Date: 2016, February 5

Dear Sir/Madam

Howard University Hospital has experienced breach of the information regarding its patients and other stakeholders. As such, the organization has attained a negative reputation due to the loss of private information. Nonetheless, certain alternatives may prove useful in the resolution of the issue. Foremost, the organization can focus on the application of penetration testing procedures. Alternately, the organization may choose to review its policies on the release of private information. Due to the possible effectiveness of each solution, the recommendation focuses on the integration of both alternatives in order to compensate for the shortcomings that each possesses.

Sincerely,

Systems Researcher

Feasibility Study: Providing Solutions for Resolving Mismanagement of Information

Name:

Disclaimer

I developed this feasibility study for an assignment in RPW300 Writing in the Professions at Saginaw Valley State University. Visuals and other materials included are cited properly and subject to fair use exemptions for intellectual property.

Executive Summary

The sole objective of the feasibility study involves the provision of the solutions that will be significant in curtailing the threats of network security imposed on Howard University Hospital. However, providing a solution for the situation comprises the incorporation of certain steps. Foremost, the study will concentrate on highlighting the issue affecting the organization in question. After exhibiting an understanding of the situation, the feasibility study will provide a pair of solutions or alternatives that may resolve the problem in Howard University Hospital. Based on the alternatives provided, the study will eventually provide a recommendation based on the solution that best resolves the situation.

Introduction

Numerous organizations have been subject to problems associated with threats relating to the security of their respective computer networks. Due to aspects such as competition and a need to gain financial incentives, activities such as data breach, hacking, cracking, and eavesdropping have become prevalent. Campus organizations such as Howard University Hospital are not exempted from this problem. Regardless of its significant contributions to the society in respect to the provision of affordable healthcare, the organization has been subjected to various attacks on its network with assailants focusing specifically on the theft of the patients’ private information. Despite this, it is still possible to ensure that the organization is secure from such attacks. Foremost, the organization can focus on the implementation of external penetration testing. Secondly, the organization may choose to review its policies concerning the divulgence of private information. For recommendation purposes, the study will assert the best possible solution.

Problem History

Currently, Howard University Hospital is at the helm of offering healthcare services to residents and campus students within the Washington area. With the area being particularly sizeable, the institution is easily accessible by persons seeking medical care and treatment services at affordable rates. Despite this, the organization has been connected to the provision of poor services related specifically to the mismanagement of information provided by patients. Moreover, the organization’s conventional facilities have restricted it from applying measures aimed at the protection of private information. As such, it is important for the organization to apply contemporary solutions that will focus on achieving network security.

Discussion of Solutions

The solutions that may be ideal for the problem facing Howard University Hospital mainly focus on the reinforcement of its network architecture. The first solution involves the adoption of penetration testing processes that will protect the hospital’s network from any cyber-based intrusions. Alternatively, the second solution will advocate for the review of the organization’s policies regarding the release of personal information.

Discussion: Solution 1 – Application of Penetration Testing Procedure

Since the main issue involves the mismanagement of information through data breach, penetration testing is viewed as a rational solution for eradicating the problem. The respective process will determine the system’s vulnerabilities and the different ways that violators can access the network (Andress and Winterfeld 78). Gaining such information will facilitate the development of a reinforced network that curbs any novel threats. However, the process is time-consuming due to the determination of disparate ways that violators can enter the system.

Discussion: Solution 2 – Reviewing Policies on Divulging Private Information

The second alternative takes note of the fact that the organization’s current problem does not arise solely from network attacks. Hence, by reviewing the policies that guide the release of private information, the organization may eliminate loopholes that facilitate related breaches. Nonetheless, the respective alternative may be less beneficial in the event that other procedures for limiting the contravention of personal data are not used collectively.

Recommendation

To this end, Howard University Hospital may benefit from a combination of both solutions. The use of penetration testing may determine the network system’s susceptibilities and modify it accordingly. In addition to this, reviewing the policies on the release of private information may exhibit vulnerabilities that will further be addressed by the management comprehensively.  

Works Cited

Andress, Jason, and Steve Winterfeld. Cyber Warfare: Techniques, Tactics, and Tools for Security Practitioners. Boston: Elsevier, 2011. Print.

Choo, Kim-Kwang R. “The Cyber Threat Landscape: Challenges and Future Research Directions.” Computers & Security 30.8 (2011): 719-731. Print.