ICTNWK502: Network Security Plan for Royal Children's Hospital

Verified

Added on 2021/04/21

AI Summary

This report, centered around the ICTNWK502 course, presents a comprehensive network security plan designed for the Royal Children's Hospital in Melbourne. The report begins with an introduction, outlining the need to improve network infrastructure security to safeguard sensitive patient data. It includes permission letters from the manager to conduct tests and obtain necessary logs for a thorough risk assessment. The core of the report details the business requirements, focusing on the need to protect the vast amount of patient data stored by the hospital. It identifies potential threats, such as data theft, loss, and leakage from staff laptops, and proposes mitigation strategies, including encryption techniques like BitLocker and McAfee Endpoint Encryption. The implementation of these strategies is discussed, along with recommendations such as file/folder encryption, cloud usage for data backup, and browser hygiene. The report concludes with a list of references used in its development.

Running head: ICTNWK502
ICTNWK502
Name of the Student:
Name of the University:
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
ICTNWK502
Table of Contents
Introduction......................................................................................................................................2
Permission letter from the manager to perform the required tests...................................................2
Letter seeking permission to obtain the logs...................................................................................3
Business Requirements....................................................................................................................4
Threat Identification........................................................................................................................4
Mitigation Strategy..........................................................................................................................5
Implementation of the strategies......................................................................................................5
Recommendation.............................................................................................................................6
References........................................................................................................................................7

2
ICTNWK502
Introduction
The Royal Children Hospital Melbourne based hospital and they are looking to improve
the overall security of the network infrastructure for the organization so that the data of the
organization can be safely secured.
The report provides the security plan for the organization.
The permission letter from the manager to perform tests and obtain the logs is also
provided in the report. In addition to this, the planning and implementation procedures of the
security plan for the organization is also provided in this report.
Permission letter from the manager to perform the required tests
REQUEST FOR PERMISSION TO CONDUCT THE TEST ON THE NETWORK
[Date]
To: [Manager Name]
[Address]
From: [Author Name]
[Address]
[Contact Detail]
Dear Manager,
The letter is aimed at seeking permission to conduct tests to prevent the data from the laptops of
the company getting lost. The tests are a necessary measure for assessing the risk of the Royal
Children’s Hospital and hence assuring the security. It is also requested that the response of the

3
ICTNWK502
deemed request should be in writing along with the protocols that need to be considered if
permitted to carry on the test.
I am grateful for your time and consideration to my request and am hopeful of a positive
response from you.
Sincerely,
[Author Note]
[Occupation]
[Name of the University]
Letter seeking permission to obtain the logs
REQUEST FOR PERMISSION TO VIEW THE LOGS
[Date]
To: [Manager Name]
[Address]
From: [Author Name]
[Address]
[Contact Detail]
Dear Manager,
I am requesting you to provide us with the logs of the conducted test so that we can proceed with
the assessment of the risk and thus devise a strategy to secure the organisational system.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4
ICTNWK502
I am grateful for your time and consideration to my request and am hopeful of a positive
response from you.
Thanks and Regards,
[Author Note]
[Occupation]
[Name of the University]
Business Requirements
The main business requirement for the organization in the storage of data and the
protection of the data. The case is about a hospital and the hospital have a huge amount of data to
be stored. The organization treats around 33,500 patients approximately. In addition to this
around 70,036 patients are present in the emergency system of the hospital. Hence, the hospital
requires to safeguard their data both for the safety of the clients and also for the business of the
company. It is been identified that the staffs in the hospitals store the information in the laptops
carried by them. Hence, there is need to safeguard the sensitive data the laptops and the network
of the organization is to be protected.
Threat Identification
It has been identified that the data are stored in the laptops of the nurses and the doctors
are very sensitive and hence, the possible options of losing the data from the machines are:
 The machine could get stolen and the sensitive data would fall into wrong hands and the
data can be used wrongly.

5
ICTNWK502
 The machine can also get lost or damaged and then in that case the data in the systems
would get damaged.
 The data can also be leaked by the staffs of the organization and this can be very harmful
for the organization.
Mitigation Strategy
 For the mitigation of the threats the systems and network of the organization can be
provided with some type of encryption techniques so that the data cannot be deciphered
easily.
 In addition to this, the machines can be integrated with some detection technique that
would help to locate the machines in case they are lost.
Implementation of the strategies
For the implementation of the strategies some encryption techniques are thought of and
they are:
 Using BitLocker for encryption in Laptop
 McAfee Endpoint Encryption
 Sophos SafeGuard Enterprise
 TrueCrypt
 CCleaner
However among these two technologies the BitLocker and the McAfee Endpoint Encryptions
can be used. The BitLocker is used in the Laptops for the safety of the data in the machine. In
addition to this the McAfee Endpoint Encryption is used for safeguarding the data within the
network.

6
ICTNWK502
Recommendation
A few recommendation for the safety of the network:
 Encrypting files and folders: Encryption for not only the files, but also the folder would
not only distract the attacker from finding the file, but will also distract him from finding
out the location for the file.
 Use the cloud: Using the cloud would also help a great deal. This would help in backing
up the data and prevent from data getting deleted. The automatic restore option in the
cloud also helps the user to great extent.
 Browser hygiene: The browser should also be kept clean so that the malware attacks on
the system can be prevented. This would also help in searching of data with less time for
the user.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
ICTNWK502
References
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The
rise of “big data” on cloud computing: Review and open research issues. Information
Systems, 47, 98-115.
Liu, S., Guo, C., & Sheridan, J. T. (2014). A review of optical image encryption techniques.
Optics & Laser Technology, 57, 327-342.
Mitali, V. K., & Sharma, A. (2014). A survey on various cryptography techniques. International
Journal of Emerging Trends & Technology in Computer Science (IJETTCS), 3(4), 307-
312.
Terzi, D. S., Terzi, R., & Sagiroglu, S. (2015, December). A survey on security and privacy
issues in big data. In Internet Technology and Secured Transactions (ICITST), 2015 10th
International Conference for (pp. 202-207). IEEE.
Tripathi, R., & Agrawal, S. (2014). Comparative study of symmetric and asymmetric
cryptography techniques. International Journal of Advance Foundation and Research in
Computer (IJAFRC), 1(6), 68-76.
Yang, K., & Jia, X. (2014). DAC-MACS: Effective data access control for multi-authority cloud
storage systems. In Security for Cloud Storage Systems (pp. 59-83). Springer, New York,
NY.