IT Infrastructure of MyHealth Company
Added on 2022-12-16
15 Pages3549 Words225 Views
Running head: IT INFRASTRUCTURE OF MYHEALTH COMPANY
IT infrastructure of MyHealth Company
Name of the Student
Name of the University
Author’s note
IT infrastructure of MyHealth Company
Name of the Student
Name of the University
Author’s note
IT INFRASTRUCTURE OF MYHEALTH COMPANY1
Table of Contents
1. Introduction..................................................................................................................................2
2. Discussion....................................................................................................................................2
2.1 Security Policy Development................................................................................................2
2.2 Review and Improve Security Policies..................................................................................8
3. Conclusion.................................................................................................................................10
References......................................................................................................................................12
Table of Contents
1. Introduction..................................................................................................................................2
2. Discussion....................................................................................................................................2
2.1 Security Policy Development................................................................................................2
2.2 Review and Improve Security Policies..................................................................................8
3. Conclusion.................................................................................................................................10
References......................................................................................................................................12
IT INFRASTRUCTURE OF MYHEALTH COMPANY2
1. Introduction
MyHealth Company is considered as one of the best healthcare service providers that is
primarily involved in the management of health education, research based on cancer related
issues and several clinical practices. With the rise of technological systems and a vast form of
usage of essential services, it has been seen that the company makes use of their database server
for the purpose of storing information based on the medical history records of patients (Green et
al. 2014). The company generates a wealth of data based on the analysis of their internal research
team.
However, it has been seen that the internal systems within the organisation have an
extremely poorly designed network that is not supported with the best level of security. Based on
the large number of medical records stored within their database servers, it is a very important
criteria for the company to ensure a highly accessible server that would be able to maintain each
of the complexities involved within their network (Boudreaux et al. 2014). MyHealth has a huge
need for developing a secure web system and protecting their internal servers from various kind
of attacks that might get launched within their internal database servers. This report would thus
discuss about the different forms of development of security policy. The report would further
also discuss about the essential policies based on improving the security functionalities within
their application and thus improving the system architecture based within the boundaries of the
company.
1. Introduction
MyHealth Company is considered as one of the best healthcare service providers that is
primarily involved in the management of health education, research based on cancer related
issues and several clinical practices. With the rise of technological systems and a vast form of
usage of essential services, it has been seen that the company makes use of their database server
for the purpose of storing information based on the medical history records of patients (Green et
al. 2014). The company generates a wealth of data based on the analysis of their internal research
team.
However, it has been seen that the internal systems within the organisation have an
extremely poorly designed network that is not supported with the best level of security. Based on
the large number of medical records stored within their database servers, it is a very important
criteria for the company to ensure a highly accessible server that would be able to maintain each
of the complexities involved within their network (Boudreaux et al. 2014). MyHealth has a huge
need for developing a secure web system and protecting their internal servers from various kind
of attacks that might get launched within their internal database servers. This report would thus
discuss about the different forms of development of security policy. The report would further
also discuss about the essential policies based on improving the security functionalities within
their application and thus improving the system architecture based within the boundaries of the
company.
IT INFRASTRUCTURE OF MYHEALTH COMPANY3
2. Discussion
2.1 Security Policy Development
Based on the results gained from risk assessment, some of the access control policy that
could be developed for MyHealth Company are:
Generic Identities – The group IDs would not be provided without the access of critical
data. They would thus be granted permissions based on certain exceptional circumstances
Privileged Accounts – The allocation of different forms of privileged rights such as
domain administrator, root access, super-user and local administrator would be strictly restricted
and thus be controlled (Shin et al. 2015). The authorisation of such kind of accounts would not
be provided explicitly but would be granted access only after proper approval from any senior
manager. It would thus be documented by the owner of system. The technical teams should be
able to safeguard against the use of privilege rights. These would thus help in maintaining the
prospects of integrity and confidentiality.
Maintaining data security levels – Each of the user involved within the system should
gain a knowledge about the importance of data security and sensitivity (Mosadeghrad 2014). The
users who would place the patient information in database systems should ensure that protective
measures are applicable over such systems.
Passwords – Highly strengthened passwords should be applied. The issuing of passwords
should be based on certain encryption algorithms that would help in ensuring the security over
such systems.
The differences between the incident response and disaster recovery could be discussed
as: The Incident Response could be defined as an organized approach based on the factors of
2. Discussion
2.1 Security Policy Development
Based on the results gained from risk assessment, some of the access control policy that
could be developed for MyHealth Company are:
Generic Identities – The group IDs would not be provided without the access of critical
data. They would thus be granted permissions based on certain exceptional circumstances
Privileged Accounts – The allocation of different forms of privileged rights such as
domain administrator, root access, super-user and local administrator would be strictly restricted
and thus be controlled (Shin et al. 2015). The authorisation of such kind of accounts would not
be provided explicitly but would be granted access only after proper approval from any senior
manager. It would thus be documented by the owner of system. The technical teams should be
able to safeguard against the use of privilege rights. These would thus help in maintaining the
prospects of integrity and confidentiality.
Maintaining data security levels – Each of the user involved within the system should
gain a knowledge about the importance of data security and sensitivity (Mosadeghrad 2014). The
users who would place the patient information in database systems should ensure that protective
measures are applicable over such systems.
Passwords – Highly strengthened passwords should be applied. The issuing of passwords
should be based on certain encryption algorithms that would help in ensuring the security over
such systems.
The differences between the incident response and disaster recovery could be discussed
as: The Incident Response could be defined as an organized approach based on the factors of
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Information Assetslg...
|20
|3704
|91
Cyber Security: Asset Identification and Risk Managementlg...
|19
|3526
|79
The Principle of Least Privilegelg...
|4
|824
|85
System Design Documentlg...
|8
|965
|350
Developing a Security Policylg...
|10
|1915
|475
CS3609 Cybersecurity Coursework Templatelg...
|7
|1604
|31