C726: Healthy Body Wellness Center Cybersecurity Architecture Report


Added on  2022/12/23

AI Summary
This report analyzes the cybersecurity landscape of the Healthy Body Wellness Center (HBWC), focusing on its current IT infrastructure, including the Office of Grants Giveaway (OGG) and its grant tracking system (SHGTS). The assignment involves assessing existing threats, such as the single-user nature of SHGTS, the paper-based payroll system, and the limitations of the Windows 2008 R2 server. The report identifies the goals and objectives of a new system, including enhanced data security, remote access capabilities, and a modernized grant process. It delves into factors influencing the technical design, such as the need for an interactive user interface, data migration to MS SQL servers, and the obsolescence of the current database system. The proposed system incorporates an online tracking system, improved security measures, a widget-based user interface, and a transition from paper-based to online payroll. The report suggests using Software as a Service (SaaS) for the new system, emphasizing the importance of data security in the face of increasing cyber threats and includes recommendations for backup and disaster recovery.
Running head: HEALTH BODY WELLNESS CENTER
HEALTH BODY WELLNESS CENTER
Name of the Student
Name of the University
Author note
Current system overview
The Healthy Body Wellness Center (HBWC) is an education center that aims to educate members of the local community about health care and to help patients and support their wellbeing. The HBWC has an Office of Grants Giveaway (OGG), which is responsible for the distribution of medical grants and is designed to help with many aspects of community wellness. Grants are distributed mainly to small hospitals, specifically those with 250 or fewer beds. The HBWC uses a traditional, paper-based payroll structure for its employees and intends to upgrade it to an online system. The current grant tracking system used by HBWC is the Small Hospital Grant Tracking System (SHGTS), and all grant data are organized through this system. All grant funding is carried out by automated clearing house (ACH) processing, and all banking data related to the hospitals are stored in SHGTS.
The SHGTS is a single-user system that runs on a desktop computer and assists in assigning and tracking small hospital grants. Unused grant funds from one hospital are used the next month for another hospital. The major functions of the SHGTS are tracking the initial delivery of grant funds and storing the appropriate data, and it can follow a grant for up to five hospital facilities. The current system uses the Windows platform and Microsoft-based applications to maintain its database, with a small staff of programmers. The system uses a broadband connection. The SHGTS database is a Microsoft Access 2010 database that resides on Windows 2008 R2. The data is secured by the built-in data security mechanisms of the Windows 2008 R2 platform.
The SHGTS has three categories of users: administrative, executive and basic. To maintain the efficiency of the SHGTS, three members of the technical support team are given full administrative rights on the Windows 2008 R2 server, while the database administrator (DBA) of SHGTS does not have administrative privileges on the Windows 2008 R2 operating system. Users have different levels of control. The administrative user has full control over the application and reserves the right to alter the code and the database. The executive user has access to all reports and can update only the key fields that deal with the assignment of grants. The basic user has access to most of the forms and can update the main fields related to the assigned grants.
A virtual private network (VPN) is used for remote access to the SHGTS, but knowledge of the VPN is limited among the users. The network is accessed via Pulse Secure software, where a token or personal identity verification (PIV) badge is used to log in to the network. The current payroll is paper based and is done using QuickBooks. There is no direct deposit facility, and paper checks are used to provide the grant money. In the current system, HBWC patient information and research data are stored and managed in Excel spreadsheets.
Goals and objectives of the new system
The main goal of the new system is to manage the database efficiently and to better secure user data and organizational data. The new system will require an upgrade of the network and a modernized grant process. Internal processes should comply with the present laws and regulations laid down by the federal government. The paper-based payroll system can affect the working of the HBWC and may lead to internal complexities regarding payments and transactions. The present grant tracking system, SHGTS, can track only up to five hospital facilities; this count needs to be increased. The database needs to be transferred from Microsoft Access 2010 to MS SQL, because MS Access does not provide access to multiple users simultaneously, and the database should be accessible via the internet. To obtain more medical grants from the National Institutes of Health (NIH) and to grow the infrastructure, the current system needs to be upgraded to handle the load from the heavy data flow. There should be secure remote access for employees and secure transmission of the ACH data.
Any update to the system will require education for its users and recruitment of professionals to manage it. The objectives of the new system include advanced disaster recovery and backup of the data. Although the SHGTS does not contain any sensitive data, a failure of the system can still affect the daily operation of the organization. The new system aims to make the data available via remote access and to develop a cloud-based grant tracking system. Any failure in the system can prevent employees from getting paid. Another goal of the new system is to reduce redundancy so that more data can be stored and managed more efficiently. Employee salary details should be accurate, and the control level for each user should be defined in the system so that there is no conflict within the organization over access control. Manual invoices are to be replaced with online transactions and digital invoices. Another objective is a high level of security for the confidentiality of sensitive user information and employee details. A further aim is to reduce the risk of data corruption and to obtain a high level of security for the data stored on the database server through a Security Assessment Plan. In summary, the main objectives and aims of the new system are stability, an online tracking system for the grants, strong security for sensitive data, remote access for users and employees, a widget-based interactive user interface, and replacement of the traditional paper-based payroll system with an online system.
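The three SHGTS access levels described above (administrative, executive, basic), written as least-privilege database roles for the MS SQL target. This is an added example, not part of the original report; the database, schema, table and column names are hypothetical, and the DENY on banking data is an assumption about how ACH data would be separated.

```sql
-- Added example. The SHGTS database name, dbo.Grants, dbo.HospitalBankAccounts,
-- the reports schema and all column names are hypothetical.
USE SHGTS;
GO
CREATE ROLE shgts_admin;
CREATE ROLE shgts_executive;
CREATE ROLE shgts_basic;
GO

-- Administrative: full control of the application database (code and data).
-- Scoped to this database only; it confers no rights on the Windows host.
GRANT CONTROL ON DATABASE::SHGTS TO shgts_admin;

-- Executive: read all reports, update only the grant-assignment key fields.
GRANT SELECT ON SCHEMA::reports TO shgts_executive;
GRANT SELECT ON dbo.Grants TO shgts_executive;
GRANT UPDATE (AssignedHospitalId, AssignedAmount, AssignmentDate)
    ON dbo.Grants TO shgts_executive;

-- Basic: work with grant records, update only the main fields of assigned grants.
GRANT SELECT ON dbo.Grants TO shgts_basic;
GRANT UPDATE (DeliveryStatus, FollowUpNotes) ON dbo.Grants TO shgts_basic;

-- Assumption: ACH banking data lives in its own table. Neither non-admin role
-- is granted anything on it; the explicit DENY also overrides any access
-- a member might otherwise inherit through another role.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.HospitalBankAccounts
    TO shgts_executive, shgts_basic;
GO

-- Review what each role ended up with (object- and column-level entries).
SELECT pr.name AS role_name, pe.state_desc, pe.permission_name, pe.class_desc,
       CASE WHEN pe.class = 1 THEN OBJECT_NAME(pe.major_id) END AS object_name,
       c.name AS column_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
LEFT JOIN sys.columns AS c
  ON pe.class = 1 AND c.object_id = pe.major_id AND c.column_id = pe.minor_id
WHERE pr.name LIKE 'shgts[_]%'
ORDER BY role_name, object_name, column_name;
```

Column-level UPDATE grants are what keep the executive and basic roles from changing fields outside their remit; the final query gives a reviewable record of the effective grants per role.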
Factors Influencing Technical Design
Advancement in the IT sector has a great impact on the technical design of the new system. The outdated system of the HBWC and the traditional methods of its business process are major factors driving the upgrade. Better collection and management of records needs advanced, up-to-date systems. The use of the MS Access 2010 database to store the data will be obsolete by the year 2020, as Microsoft will stop supporting the Windows 2008 R2 servers where all the HBWC data resides. Migration of the data to MS SQL servers is required for continuity of service. The traditional system lacks an interactive user interface, which is another factor in the development of the new system. Modern web servers are required for storing and sharing HBWC data. With web-based services, the HBWC will be able to reach more users and grow its infrastructure. If there is a web server, the data stored on it must be properly secured; for this, the HBWC needs to implement strong encryption of the network and the data.
Some users still do not know how to use the VPN, so proper education about the technology should be provided to the users of the system. The traditional paper-based payroll system is outdated and needs modernization for effective results and improved working of the HBWC. The tracking system has limited tracking capabilities and also includes paperwork, which can reduce the overall performance of the grant tracking system; for this reason there should be proper online tracking of the grants. The traditional system does not have a proper interface, and paperwork takes a lot of time when processing grants; introducing an online system with a graphical user interface will improve the process. The new system will deliver widgets for an interactive user interface and better synchronization of the process. The widgets will also help to identify modifications in the system, reduce duplicate data, and make access to that data faster and more efficient. The search facility of the widgets will help users get any information instantly. The online system will reduce internal errors in the organization.
With the modernization of technology, competition in every market is increasing at a high rate. Customers need instant access to data and information; failing to provide it will shrink the customer base as customers migrate to other service providers. The online system will ensure fast transfer of data and faster updates. The new system is designed to deliver efficient management of resources and appropriate tracking of the grants. Customer reliance on the HBWC grant system is also a factor in the technical design of the system. More efficient management of user information will provide reliability for the system.
Proposed System
The proposed system will include an online tracking system and a master repository for the widgets. The level of security will be improved in the proposed system. An interactive user interface and better use of resources are suggested. The online tracking system will provide better tracking of the grants and bring in more users. The online system will ensure better security of user data and improved web-based access control. The grant table will be sorted by key personnel, which will make searching easier and reduce the time needed to find particular data. The proposed system will also track the grant success rate and will increase the productivity of the staff and other members of HBWC. There will be an efficient way of storing the annual reports, which will include information about the funding agency, the period of the project, the total budget and the budget period. The proposed system will provide improved assistance for staff members through the user interface and widgets.
The new system will provide real-time information to the users. The new design ensures remote access to the database for employees and users. The paperwork and the long process needed for a grant will be reduced by the new system. The migration of data from the Windows 2008 R2 servers to new web-based SQL servers will be easier and comfortable. Proper backup and disaster management are ensured in the new system, and restoring data after a disaster will become easy. Paperwork will be reduced, and real-time updates will improve team communication. Internal conflicts over payroll issues will also be reduced, as the new system will track every detail and everything will be computerized and online. Software as a Service (SaaS) will be used for the proposed system; it allows access over the internet and is hosted and distributed on cloud-based servers. The vendor or host will take care of technical issues and hardware-related issues, so there is no need for IT support; however, on-premise IT support is recommended to ensure the efficiency of the system. The purpose of using SaaS is that a system hosted by these software service providers is accessible through a web browser as well as mobile devices.
The proposed system will provide ease of use and access to the database, and the centralized server will increase team collaboration and the efficiency of the overall process. In this modern era of advancing technology, cyber-attacks are increasing at an alarming rate; for that reason data security is a must, and the proposed system will ensure the security of user data as well as organizational data. Paper receipts will be replaced by online receipts, making the transaction process faster. The proposed system will improve the tracking of grants and increase the efficiency of the Healthy Body Wellness Center.
DREAD Analysis
Threat ID:
Summary of identified threat:

| Rating Category | Definition | Score |
|---|---|---|
| Damage Potential | The extent of actual damage possible, measured in dollars, length of downtime, loss of information, or life. | 10 |
| Reproducibility | What is the success rate and pervasiveness of opportunities for threat realization? | 7 |
| Exploitability | What does it take to realize the threat? Measure the availability of tools or expertise required to realize the threat. | 7 |
| Affected People | If the threat were exploited and became an attack, what percentage of users would be affected? | 4 |
| Discoverability or Detectability | What is the risk that an attacker can discover that the vulnerability exists? Measure the ability for a successful attempt to be noticed. | 7 |
| Average | | 7 (out of possible 10) |
| Risk Rating | Low < 4; Med < 7; High 7+ | High |

Risk Analysis

| Threat ID | Description of Threat | Total Risk Score (Sort On This) | Risk Level (H/M/L) | Damage Potential | Reproducibility | Exploitability | Affected People | Discoverability/Detectability | Possible Countermeasures | Issues |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Data Breach: In case of a data breach, the main issue faced is that the data of HBWC might be breached, which means data might be lost. This is the major reason the functioning of the processing will have a major drawback, as impostors will have a chance of gaining the data present in the HBWC database. If a data breach happens, the original data set will be modified, and business management will be affected. | 5 | M | High | Medium | Medium | Medium | High | A firewall will be used in the processing of the database system, so the data present in the database will be well managed. This will ensure that stored data are kept in a secure manner. Use of a firewall will reduce the chances of gaining access to the data stored in the database. Another major aspect to be considered is that the security of the database will be managed in an efficient manner. | |