LiveWell is a physiotherapy clinic, which has four branches and recently opened two more branches aiming to cater to the diverse needs of the community. They are hoping to provide current and state-of-the-art technology and services to patients. They are focusing on a customer relationship management system to target their customers. The initial few months have been slow for the newly opened clinics but have seen a steady surge in their customer base. The numbers seem to be picking up and the website has been accommodating the current appointments well. Although the company has invested well into the infrastructure, it would like to be prepared for the future to accommodate the increase in patient appointments. Recently they have been plagued with viruses in their main database which corrupted their mailing list and sent incorrect information regarding offers and promotions to its existing patients.

They currently have a centralised database and networked machines used for all the operations including patient’s data handling and management by admin staff and therapists. There are only a few security measures for the used software and hardware, i.e. login etc., as they feel secure with the physical security such as locks and alarms. The admin is responsible for the entire patient facing communication as this is the only way they can promote services to their patients. The admin team works in shifts as well as the physiotherapists and there is no clear separation of responsibilities concerning communication with the patients and the recommendations made or changed to patients.

They have created a web portal and are hoping to attract new customers. The company would like to increase brand awareness. The latest effort to reach out to a wider market via Google adverts has resulted in new patients showing interest from various geographical locations. As they are a small business and have limited resources, they are concerned about stealth viruses, spam etc.

With the influx of new patients, it has been feared by the management that the current systems and addition of web portal makes them more susceptible to attacks, and wouldn’t be able to sustain their service levels well. Therefore, the LiveWell clinic’s management are concerned with the compliance, data protection and ethical working. Thus, they require some guidance and recommendations to resolve such issues and would like to call upon your consultancy services to analyse the risks they may face and hope to control them.

Assessment Specifications

This is an individual assessment and the report word limit is 3000. You have been called as a consultant to determine the risks and their impact on their business by performing a thorough risk assessment. They are looking to get clear possible solutions for the risks perceived in the current and near future. You need to perform a risk assessment as the company would like to identify potential risks and their impact on its business and to propose a risk control strategy. They would require you to use this scenario as well as current market research within the healthcare sector to make your assumptions achieving assessment outcomes A, B, C, D and E.

Deliverables: You must produce a report containing the following features and content:

  • A management summary.
  • Clearly stated assumptions within the body of the report as well as listed in the appendix.
  • Critical evaluation of the threats and vulnerabilities.
  • Use of risk evaluation techniques such as weighted factor analysis and risk register to identify and prioritise assets at risk.
  • Appropriate Control suggestions made, based upon the risk scores.
Report should be supported by appropriate and relevant industry research documented using Harvard style of Referencing (in-text citation).
Answered 3 days after Apr 06, 2022

Solution

Abishek A answered on Apr 10 2022
12 Votes
Management Summary:
The LiveWell clinic as portrayed by the said material is fairly new to the security realm as per their past experience. Customer Satisfaction being their motive, it's highly imperative that the management system is cleared of any vulnerabilities and a hierarchical system implemented to make sure of any physical intrusions.
The current functioning of the organisation might lead to the loss of their assets including valuable customers/patients, loss of equipment along with the possibility of being subjected to liquidation as per the jurisdiction of the nation in the case of the massive data leak resulting in the exposure of sensitive patient information.
In all likelihood, it's suggested to maintain a risk management system which counters all the possible security flaws the system might be targeted towards.
Critical Evaluation Of The Threats and Vulnerabilities:
Based on initial evaluation, the vulnerabilities faced by the organisation are the lack of back-up systems (since they only advertise two servers which is inadequate), poor authentication, hierarchy mismanagement (there is no separation of duties), security misconfigurations (if any) and poor implementation of security.
The first of all being the lack of systems which is disastrous in the event of a catastrophic system crash as the log data along with the sensitive information handled by the system will be lost and the company deemed accountable for the mismanagement.
The data includes previous appointment history, personal details of the patients including their debit and credit card information and medical records which are all deemed important and irretrievable in the wake of such a scenario.
The crash / error in the system might result even without external factors involved such as power delivery failure and others where a perpetrator might be involved. In either scenario, it's suggested to take appropriate measures by creating a back-up system with port switching (ready to be deployed) in such cases.
There needs to be a system administrator and even a network analyst to raise tickets in the event of an attack to mitigate most of the risks towards the system.
The second and the most common reason is broken authentication.
Broken authentication is essentially in the case of an identity theft and allows an attacker to get into the system by means of impersonation. It can have drastic repercussions on the end system, from gaining complete and utter control of the server to defacing a website.
Preventing the problem is fairly easy by means of encryption and biometrics.
We'll look more into the techniques in risk mitigation techniques.
Hierarchy mismanagement occurs as a result of broken authentication and lack of session management. There should always be an administrator who asserts the role of the defender as he would have complete control of the system. This includes the ability to allocate tasks, grant access to the server parameters and manage the deployment of the support systems.
Duties such as hardware troubleshooting and assessing new technologies to better the service of the company are also done by the sysadmin.
There needs to be a database administrator which handles all the SQL, tableau entries and alterations. A data centre administrator specialises in service system management which directly affects the clients of the organisation. Automation, patching and recovery also are the said responsibilities.
The organisation needs to however advertise a certain hierarchy with limited required privileges to their staff tasked by the administrator with the approval of the management of the said organisation.
The privileges vary according to the nature of work allotted to each employee.
Security misconfigurations are as a result of human error. Every business establishment has people...