You are the newly hired LAN administration and security manager at Healthy Body Wellness Center (HBWC). The HBWC includes the Office of Grants Giveaway (OGG), a growing department responsible for...

You are the newly hired LAN administration and security manager at Healthy Body Wellness Center (HBWC). The HBWC includes the Office of Grants Giveaway (OGG), a growing department responsible for distributing hospital research grants.


The HBWC currently relies on a local area network (LAN), but plans to expand their services and hire more employees this year. It is evident the current cybersecurity architecture is limited and unable to meet current needs. In addition, HBWC’s cybersecurity architecture will need to transition to a wide area network (WAN).


Using the attached “Healthy Body Wellness Center Case Study” and “Healthy Body Wellness Center Security Assessment Report,” conduct a security analysis of HBWC’s current technologies and applications and identify threats to the company’s existing architecture. You will use the findings from your analysis to complete the attached “Business Requirements Document Template.”


Healthy Body Wellness Center
Business Requirements Document Template
Healthy Body Wellness Center/Initiative
Month 20YY
Version X.XX
Company Information

1 Document Revisions (Not required for performance assessment)
Date | Version Number | Document Changes
05/02/20xx | 0.1 | Initial Draft

2 Approvals (Not required for performance assessment)
Role | Name | Title | Signature | Date
Project Sponsor
Business Owner
Project Manager
System Architect
Development Lead
User Experience Lead
Quality Lead
Content Lead

Use Case Template
Tech Comm Template BRD
Template provided by TechWhirl.com copyright INKtopia Limited | All Rights Reserved

3 Introduction
3.1 Project Summary
3.1.1 Objectives
[These should describe the overall goal in developing the product, high-level descriptions of what the product will do, how they are aligned to business objectives, and the requirements for interaction with other systems.]
3.1.2 Background
[Provide a brief history of how the project came to be proposed and initiated, including the business issues/problems identified, and expected benefit of implementing the project/developing the product.]
3.1.2.1 Business Drivers
[List the business drivers that make development of this product important. These can be financial, operational, market, or environmental.]
3.2 Project Scope
[Describe what work is in scope for the project and what work is specifically out of scope—beyond the current budget, resources, and timeline as approved by the project stakeholders. This is designed to prevent “scope creep” of additional features and functions not originally anticipated.]
3.2.1 In-Scope Functionality
3.2.2 Out-of-Scope Functionality
3.3 System Perspective
[Provide a complete description of the factors that could prevent successful implementation or accelerate the projects, particularly factors related to legal and regulatory compliance, existing technical or operational limitations in the environment, and budget/resource constraints.]
3.3.1 Assumptions
3.3.2 Constraints
3.3.3 Risks
3.3.4 Issues

4 Business Process Overview
[Describe how the current process(es) work, including the interactions between systems and various business units. Include visual process flow diagrams to further illustrate the processes the new product will replace or enhance. Use case documentation and accompanying activity. Alternatively, process flow diagrams can be used to create the description(s) of the proposed or “To-Be” processes.]
4.1 Current Business Process (As-Is)
4.2 Proposed Business Process (To-Be)

5 Business Requirements
[The specific business requirements elicited from stakeholders should be listed and categorized by both priority and area of functionality to smooth the process of reading and tracking them. Include links to use case documentation and other key reference material as needed to make the requirements as complete and understandable as possible. You may wish to incorporate the functional and nonfunctional requirements into a traceability matrix that can be followed throughout the project.]
The requirements in this document are prioritized as follows:
Value | Rating | Description
1 | Critical | This requirement is critical to the success of the project. The project will not be possible without this requirement.
2 | High | This requirement is high priority, but the project can be implemented at a bare minimum without this requirement.
3 | Medium | This requirement is somewhat important, as it provides some value, but the project can proceed without it.
4 | Low | This is a low priority requirement, or a “nice to have” feature, if time and cost allow it.
5 | Future | This requirement is out of scope for this project and has been included here for a possible future release.

5.1 Functional Requirements
Req# | Priority | Description | Rationale | Use Case Reference | Impacted Stakeholders
General / Base Functionality
Development teams
Infrastructure engineers
Security Requirements
Reporting Requirements
Usability Requirements
Audit Requirements

5.2 Nonfunctional Requirements
[Include technical and operational requirements that are not specific to a function. This typically includes requirements such as processing time, concurrent users, availability, etc.]
ID | Requirement

6 Appendices (Not required for performance assessment)
6.1 List of Acronyms
[If needed, create a list of acronyms used throughout the BRD document to aid in comprehension.]
6.2 Glossary of Terms
[If needed, identify and define any terms that may be unfamiliar to readers, including terms that are unique to the organization, the technology to be employed, or the standards in use.]
6.3 Related Documents
[Provide a list of documents or web pages, including links, which are referenced in the BRD.]

Assessment Code: Task Title

Security Assessment Report for Healthy Body Wellness Center (HBWC)
Security Categorization: Low
Version 1.0
Prepared by Endothon Security Consulting
FOR OFFICIAL USE ONLY

Document Revision History
The Systems Assessment Report (SAR) is a living document that is changed as required to reflect system, operational, or organizational changes. Modifications made to this document are recorded in the version history matrix below. At a minimum, this document will be reviewed and assessed annually. Reviews made as part of the assessment process shall also be recorded below. This document history shall be maintained throughout the life of the document and the associated system.
Date | Description | Version | Author
12/02/20XX | Document Publication | 1.0 | Program Office

Security Assessment Report (SAR) Approval Signatures
I have reviewed the Healthy Body Wellness Center (HBWC) SAR and accept the analysis and findings within.

_______________________________________ __________
Leilani Johnson    Date
Security Control Assessor

_______________________________________ __________
Kamal Thomas    Date
System Owner

_______________________________________ __________
Eva Johnson    Date
Information System Security Officer

_______________________________________ __________
Ren Phan    Date
Privacy Coordinator

Table of Contents
1 Overview
2 System Overview
2.1 System Name
2.2 General System Description and Purpose
2.3 System Interfaces
2.4 Data
2.5 Criticality
2.6 Security Categorization
3 Assessment Methodology
3.4 Overall Security Findings
3.5 Overall Findings Across All Connected Systems
4 Security Assessment Results
5 Nonconforming Controls
6 Authorization Recommendation

From: Dr. Michael Sousa, Head Consultant, Endothon Security Consulting
To: Board of Directors, Healthy Body Wellness Center

We would like to thank Healthy Body Wellness Center (HBWC) for having us conduct this security audit for the company. Endothon Security Consulting is a multimillion-dollar company specializing in the security of grants and the grant process for companies and the U.S. federal government, such as the National Institutes of Health (NIH).

Our key findings indicate HBWC needs specialized support in updating and modernizing their network, grant process, and internal controls to address the changing landscape of laws, regulations, and standards that apply to the federal government grant process. Specifically, HBWC needs to address
1. Lack of controls and policy covering system administration, governance, training, accountability, and other identified processes in this report.
2. Systems design is outdated, requiring immediate attention to rectify.
3. Web server and web-based services lack of cryptographic controls, auditing, accountability, and user accounts do not meet business or security objectives for HBWC.
   a. There is no attached database. Rather, each grant is processed as a text file, saved on a network share that is then delivered to NIH via inbuilt polling software looking for hard drive changes. This is unsuited to the current grant process developed by the U.S. federal government and must be updated.
4. Lack of cryptographic controls is impeding the growth of HBWC and its ability to compete in the block grant process from NIH.
5. Environmental concerns must be addressed, including disaster recovery and data center and backup concerns.
6. Conduct a thorough analysis of existing technology and applications.
7. Which elements already in place are no longer able to support the operations.
8. Synthesizing business, technical, security, and regulatory requirements for fitness in ongoing operations.
9. Conducting a threat analysis of the applications and infrastructure to understand network- and application-security needs.
10. Design a replacement network to the existing LAN to support
   · Secure employee remote access
   · Secure ACH data transmissions
   · Secure NPI and Patient data to the required levels
   · Third-party extranet connections to cloud-based SaaS providers of services to Office of Grants Giveaway (OGG)

We appreciate the time HBWC employees spent with us to help us compile this report. If you have any questions, please feel free to consult Endothon Security Consulting at any time.

Regards,
Dr. Michael Sousa

1 Overview
This document represents the Security Assessment Report (SAR) for HBWC as required by NIH for security authorization. This SAR contains the results of the comprehensive security test and evaluation of HBWC. This assessment report, and the results documented herein, supports program goals, efforts, and activities necessary to achieve compliance with organizational security requirements.

The SAR describes the risks associated with the vulnerabilities identified during HBWC’s security assessment and also serves as the risk summary report as referenced in NIST SP 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems. All assessment results have been analyzed to provide both the information system owner, institute/center information system security officer (IC ISSO), and the authorizing officials, with an assessment of the security controls as described in the HBWC System Security Plan.

Title III, Section 3544, of the E-Government Act of 2002, dated December 17, 2002, requires agencies to conduct periodic assessments of the risk and magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency. Appendix III of Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, requires federal agencies to:
· Review the security controls in each system when significant modifications are made to the system, but at least every three years. §3(a)(3)
· Protect government information commensurate with the risk and magnitude of harm that could result from the loss, misuse, or unauthorized access to or modification of such information. §8(a)(1)(g); §8(a)(9)(a)
· Demonstrate specific methods used to ensure that risks and the potential for loss are understood and continually assessed, that steps are taken to maintain risk at
Answered 3 days after Mar 28, 2021

Answer To: You are the newly hired LAN administration and security manager at Healthy Body Wellness Center...

Neha answered on Mar 30 2021
139 Votes
Healthy Body Wellness Center
Business Requirements Document Template
Healthy Body Wellness Center/Initiative
Month 20YY
Version X.XX
Company Information
1 Document Revisions (Not required for performance assessment)
Date | Version Number | Document Changes
05/02/20xx | 0.1 | Initial Draft
2 Approvals (Not required for performance assessment)
Role | Name | Title | Signature | Date
Project Sponsor
Business Owner
Project Manager
System Architect
Development Lead
User Experience Lead
Quality Lead
Content Lead
3 Introduction
3.1 Project Summary
3.1.1 Objectives
This project is created to meet the requirement of upgrading the infrastructure of the organization and also provide the integrity and confidentiality for the data. They want to have scaling for the architecture of the company. The major objective of this project is to focus on the 3 areas which are small hospital grant tracking system, QuickBooks which will have the management for the payroll activities and maintenance of the research data. We can focus on these data and it will help us to meet the objective of the organization to scale it and also comply with the regulations. The small hospital grant tracking system can be used over the cloud-based software as a service model which will allow the organization to work from the remote location and also enable the search database. It will allow the recipients of the grants and researchers to get all the information from a consolidated location.
3.1.2 Background
To understand this project, we can look at the objective of the business and the security assessment report provided by the security consulting. Currently this program for the tracking system of grants, research database and the maintenance of payroll system are major aspects which can be used to fulfil the objectives. They provided the SAR which can address different concerns for the threats related with the customers and employees. We can focus over these areas and it will be easier to mitigate all the security concerns which are present in the report and also achieve the objectives. We can utilise the cloud model to have an interactive portal and it will improve the confidentiality of the personal information about the customers and employees. We can also outsource the payroll activities which will be handled by the expert to provide confidence to the employees.
3.1.2.1 Business Drivers
It would be better for the organization to understand all the advanced computer systems and the new technologies. If the system is not able to have integrity and confidentiality, then it can be a damage for the reputation of the organization. It is important for the organization to comply with the...