Premium Essay

Tft2 Task 2

In: Computers and Technology

Submitted By Magnicious
Words 3049
Pages 13
Introduction
The major healthcare provider in question has experienced a potential security breach within their records. They are currently investigating how this happened and what information was accessed by the unauthorized individual. However, the company is now interested in establishing a baseline framework to prevent future information breaches from occurring. This document will outline three major IT frameworks and how each could have mitigated the recent information breach.
ISO Policy
The ISO 27001 recommendation is a high-level discussion. A precise policy was not located. The discussion did contain a preventive feature to deny access after hours; however, how the after-hours check relates to a policy is not clear. The COBIT 5 recommendation is a discussion and needs to be developed into a policy. The discussion includes auditing in general; however, details about the auditing need to be developed once a precise policy is developed. The NIST framework discussion includes review of log files. Details about the review need to be developed once a policy is developed. The three major security frameworks in the discussion are excellent overall recommendations. Precise policy statements that will prevent the security flaw identified in the scenario still need to be developed. The first policy presented is ISO 27001 (International Standards Organization Security Standards). According to the ISO website, “The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties” (ISO, n.d.). This standard rests on three main principles. The first is integrity of the data. This ensures that data at rest and data in transit is not altered or…

Similar Documents

Premium Essay

Tft2 Task 4

...TFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such an attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials. Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft. The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund Transfer Act (EFTA). This states that as long as the...

Words: 1403 - Pages: 6

Premium Essay

Tft2 Task 2

...the facility. These standards are designed to minimize the exposure of patient data and damages that may occur from misuse. 2. Scope This policy applies to all employees who utilize the electronic health record (EHR) system, and all devices used to connect to the hospital data network. This policy applies to remote access connections used to modify and view patient information on behalf of the hospital, including but not limited to the EHR system. Remote access implementations that are covered by this policy include, but are not limited to: dial-up, consumer DSL, cellular, and cable modems. 3. Policy General 1. Authorized users with both remote access privileges and job function necessity must ensure that their remote connection complies with hospital standards, and treat it with the same critical care and consideration as an on-premise connection. 2. Users' ability to access the internet will be disabled while connected remotely to the hospital network. This will be enforced through corporate VPN policy, and remote access will be terminated immediately upon an attempt to bypass the configured policy. 3. Only computers, PDAs, and cellular phones that are issued and inventoried by the hospital will be eligible for use. Acceptable Uses 1. Home patient care - access will be limited to using Virtual Desktop access. 2. After-hours prescription services - access will be limited to physicians and nurse practitioners. 3. All other purposes will...

Words: 1416 - Pages: 6

Free Essay

Task 2

... and might then retain a copy of the assignment on its database for the purpose of future plagiarism checking. Requirements Modelling Report for the Sales & Book Tracking System Prepared for: Pinnacle Publishing Company 20th December, 2011 Prepared by: |Name |Student No. | KXO221 Assignment 3 Table of Contents: Executive Summary; Introduction; 1 Required Functions of the Sales & Book Tracking System; 2 Functional Decomposition Diagram; 3 Data Flow Diagram – Context; 4 Data Flow Diagram – Level 0; 5 Data Flow Diagram – Level 1; 6 Data Dictionaries; 6.1 Data Dictionary – Processes; 6.2 Data Dictionary – Data Flows; 6.3 Data Dictionary – Data Stores; 7 Entity Relationship Diagram; 8 Use Case Diagram; 9 Conclusion; References. Executive Summary Considering the current situation and management's requirements, our group analyzed Pinnacle Publisher's business process and the communication of data, and then a model of the new system was designed. This requirements modelling report aims to present a general understanding...

Words: 3520 - Pages: 15

Premium Essay

Tft2 Task 1

...be filled out and a manager must sign it. The level of access given will depend on your position and department. All computers have disabled USB ports for security reasons. In order to maintain compliance with Heart-Healthy Insurance, the Gramm-Leach-Bliley Act (GLBA), and the PCI-DSS, the following procedures for new users are in effect: 1. New user accounts are set up and login information is sent to their email. 2. New users are assigned a temporary password that must be changed within 48 hours. 3. Users are not allowed to share login information. 4. Users must log out of their workstation before leaving the computer. 5. Teleworking (working from home) is not allowed. 6. Accounts of users who are on vacation or medical leave will be disabled. 7. Accounts of users who have been terminated or are no longer with the company are disabled or removed immediately (ISO, 2013). 8. PASSWORD REQUIREMENTS In order to maintain the required security, passwords must: 1. Be a minimum of eight characters long, 2. Have upper and lower case letters, 3. Have a number, 4. Have a special symbol, 5. Not have repetitive numbers or letters. Passwords are changed every 30 days and password reuse is not allowed for the previous six passwords used. Password sharing is not allowed on computers that can access or have patient information on them. Three login attempts are allowed; if the login has failed after three attempts, the user...

Words: 496 - Pages: 2

Premium Essay

Tft2 Task 1

...safe place, e.g. a wallet or a safe. Passwords are not to be written down and taped to the bottom of the keyboard, stuck to the computer monitor with a sticky note, or put in an unlocked desk drawer. * All passwords will be changed every 90 days. Proposed Password Policy The Heart-Healthy password policy guideline is a recommendation for creating a new user password. This policy is a guideline to help end users in: * Choosing and creating a strong password * Ensuring that passwords are highly resistant to brute force attacks and password guessing * Recommendations on how users should handle and store their passwords safely * Recommendations on lost or stolen passwords. Password expiration * Password expiration will serve 2 specific purposes: * Password expiration will limit the time crackers have to either guess or brute force a password. * If a password has been compromised, the password expiration will help to limit the time the cracker / hacker has access to Heart-Healthy's internal networking system. Heart-Healthy has embarked on a path to bring their information security posture regarding “Password Requirements” and “New Users” up to date. Heart-Healthy has used NIST (National Institute of Standards) and HIPAA (Health Insurance Portability and Accountability Act) regulations in order to achieve their goal of providing the CIA (Confidentiality, Integrity, Authorization) triad for information security. The federal government has implemented a...

Words: 1532 - Pages: 7

Premium Essay

Tft2 Task 4

...information. Even the organization can use a host-based intrusion detection system which can give better safety to data and information that is available on the network. The implementation of the firewall can protect the entire network from the various kinds of threats which can easily destroy the network, so there is a need to implement the router and firewall on the network which can give encryption to both LAN and WLAN, and various protocols can be used in this regard. The idea to implement the vendor manufacturing agents or partners is to protect the company from any misuse or theft of the data from the assailants. These mechanisms also serve to protect from external threats by engaging the organization to identify its used resources. 2. Justify how your recommendations will assure that Finman's property, patents, copyrights, and other proprietary rights are protected. There are three basic ISM concepts which are called Availability, Confidentiality and Integrity. More work is to be completed when the ACLs, GPs and TPV are implemented. For Finman's organization, various approaches can be used for granting the permissions to use the network where the user is included in particular groups called Active Directory. Even in the case of multiple users on either network, i.e. LAN or WAN, domains and access control are used which work without any pause with the support of personal identification numbers. Finman also provides the solution on the basis of...

Words: 758 - Pages: 4

Free Essay

Tft2 Task 4

...sent to various other bank accounts across the United States. As of today, the amount of fraudulent transfers has been over $290,000. The bank’s affected customers are calling to get answers and reclaim lost funds. Your supervisor is demanding answers from you as well. The bank’s general counsel is preparing for litigation threats from the affected customers. This could be a business nightmare, especially if you fail to resolve the situation quickly. After further analysis, you learn some additional information about the case: 1. The $10,000 individual transfers are going to several U.S. bank accounts of individuals before being automatically transferred to several international bank accounts located in Romania, Thailand, Moldavia, and China. 2. The bank’s affected customers all used computers infected with a keystroke logger virus that collected usernames, passwords, account numbers, personal identification numbers, URL addresses, and digital certificates. These computers did not have antivirus or security software installed. 3. The bank’s customers are frequently experiencing what is known as spear phishing attacks against them, which are fake e-mails that resemble normal business e-mail messages to customers, but contain the keystroke logging virus. 4. The bank’s systems have not been breached and no customer data has been stolen except for the few business customers whose personal business computers were compromised. 5. The U.S. banks that received fraudulent funds......

Words: 405 - Pages: 2

Premium Essay

Tft2 Task 1

...trained. Customer Mgr: will oversee operations from customer services and cashiers. Customer Service officer: will be in charge of cashiers and customer service. Cashiers/Agents: trained to handle PCI DSS and company policies. Marketing: with limited remote access to authorized information.

| | Network | Application | Remote | Financial |
| Dept. Mgr | * | * | | * |
| Customer Mgr | * | * | | * |
| Customer Service officer | * | * | | * |
| Cashiers/Agents | * | * | | * |
| Marketing | * | * | * | |

1. Access control policy: Who has access to authorized systems for business applications? Users will be authorized to use only the systems that pertain to their roles. 2. User access: Employees are granted information access through passwords and RSA tokens. Users with appropriate authorization through authentication will be able to access position-related materials. Users will be given unique IDs to access HHI's computer systems. 3. User responsibilities: Through training, users are educated and made aware of access responsibilities. Users will not share sensitive information from HHI. 4. Network access: Access to the network will be set on the roles and responsibilities of the position that is acquired. No access is granted unless authorized. 5. Remote access: Will be encrypted and have limited access to sensitive information. This access will be granted by role-based positions and...

Words: 932 - Pages: 4

Premium Essay

Tft2 Task 4

...TFT2 Task 4 As the chief information security officer for VL Bank, we were notified by several of our commercial customers of unauthorized wire transfers in an amount greater than $290,000. This is very concerning since we take pride in our information security. As soon as we were notified of the fraudulent transactions my security team, along with the network engineers, performed a thorough investigation of how such an attack had occurred. Once we were able to view all logs and audit data it came to our attention that the data did not appear to be stolen from our network. All transactions performed were done so with the appropriate credentials. Once we determined that the data breach did not occur on our network we worked with the customers to check their personal computers. We discovered that all the information was gathered from the customers with a key-logging virus that collected the usernames, account numbers, passwords, personal identification numbers, URL addresses, and digital certificates used to access the VL Bank online banking site. Further investigation showed that there was not adequate virus protection on these PCs. The key-logging virus originated from a phishing email impersonating VL Bank and asking the customer to load the latest security software to protect from identity theft. The customers reported the fund transfer immediately (within 48 hours) and they are protected under the Electronic Fund...

Words: 1413 - Pages: 6

Free Essay

Cyberlaw Tft2 Task 2

...New Policy Statements for the Heart-Healthy Information Security Policy New User Policy Statement The current New Users section of the policy states: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” There are procedures for creating new user account profiles. HIPAA requires that an Information Security Officer (ISO) must be assigned to the network account profiles. This appointed person(s) is usually the network or system security administrator of the organization. Once this role is assigned, the security administrator can create network profiles and assign the new user to the specified profile. The network profiles are implemented in accordance with least privilege access. This means that data intended for use will only be available to the specified profile. This method protects the privacy of the data during transmission. This process complies with the 4 standard Federal regulatory requirements stated in this policy: FISMA, HIPAA/HITECH, GLBA, and PCI-DSS. Once the network account profiles are created, a new user is created and assigned. To implement a strong access control measure, a unique user identifier must be assigned to the new user account. Before the new user account is activated, the network or security administrator will need...

Words: 971 - Pages: 4

Premium Essay

Tft2 Task 3 V1.Docx

...is only to be used by the Finman Corporation or with the express consent of Finman Account Management. Only defined and expressed marketing information may be used during the course of the SLA and will not be allowed for use after the terms of the SLA have ended. This model creates a protection of the Finman brand and reputation. Protecting the brand and reputation of Finman is a key piece of their intellectual property due to the fact that one of the cornerstones of this SLA is Finman’s reputation in the field of intellectual property management. Conclusion Finman’s business interests, including data and intellectual property, will remain secure if: 1. All the appropriate changes are made to the final Service Level Agreement 2. The SLA final draft is prepared by an independent third party law firm 3. All three working groups agree on the finalized documentation 4. All three groups have a notarized signed copy of these agreements Following the methodology laid out above limits the use, sharing, retention and destruction of Finman’s corporate data. Additionally, these recommendations assure Finman’s intellectual property rights are protected....

Words: 2292 - Pages: 10

Free Essay

Tft2 Task 1

...The current new user security policy for Heart-Healthy Insurance states the following: “New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager’s approval is required to grant administrator level access.” The following changes are based upon PCI-DSS compliance: 1. Usage policies must be developed for critical technologies and defined for proper use of these technologies (PCI DSS 12.3). With this first policy an organization will prohibit or allow the usage of equipment and/or accounts depending on the individual’s permitted access. 2. Explicit approval by authorized parties (PCI DSS 12.3.1). This policy will grant specific approval by management to match the business needs. Proper approval of individual personnel will create a secured environment for critical systems. 3. Authentication for use of the technology (PCI DSS 12.3.2). Personnel will use passwords to authenticate the access they have to specific technology. This will hinder any individual who is trying to breach the environment and gain access to critical information. 4. Automatic disconnect of sessions after a specific period of inactivity (PCI-DSS 12.3.7). Users must log out if they plan to step away from their accounts and/or devices. Automatic log-off will stop any individual who is trying to gain access to the system without...

Words: 627 - Pages: 3

Free Essay

Task 2

...Task Stream 2 Microbiology can be broken down into categorizations based upon the environmental conditions necessary for organisms to grow. Two large categories of microorganisms are those requiring oxygen to live (obligate aerobes) and those which can grow with oxygen but have the ability to also grow without it (facultative aerobes). The obligate aerobes produce more energy from nutrients than anaerobes by using oxygen as the “final electron acceptor in the electron transport chain, which produces most of the ATP in these organisms” (Betsy & Keogh, 2005, p. 104). The facultative microorganisms are able to use oxygen but can also go without by using fermentation or anaerobic respiration when it is not available (Betsy & Keogh, 2005). The microorganisms being cultured in our first task (Lactobacillus acidophilus and Staphylococcus epidermidis) are obligate aerobes. Microorganisms can grow in a variety of conditions, with temperature being one of those variables, but the types we frequently encounter in our environment thrive in fairly warm temperatures. Both Lactobacillus acidophilus and Staphylococcus epidermidis are examples of these, which are referred to as mesophiles. Extreme temperatures (as in deep freezing or autoclaves, for example) are effective in destroying microorganisms due to their inability to thrive outside of more moderate temperatures. Growth of these two organisms would be optimized by remaining between 25 and 40 degrees Celsius (Betsy...

Words: 1281 - Pages: 6

Premium Essay

Tft2 Task 4

...TFT2 Cyber Law Task 4 Jordan Dombrowski Western Governors University Situation Report It has come to my attention from the security analysts of VL Bank and victims that commercial customers of VL Bank have been involved in identity theft and fraud. Multiple user accounts were created without authorization claiming the identity of our customers. These fake accounts were used to make twenty-nine transfers of $10,000 each, equaling $290,000. The bank transfers were being sent to several U.S. bank accounts of unknown individuals. The U.S. banks involved in the transfers were Bank A in California, Bank B in New York, Bank C in Texas, and Bank D in Florida. After the funds were transferred to one of these banks, the funds were automatically transferred to several international bank accounts located in Romania, Thailand, Moldavia, and China. After further analysis we discovered that the bank's affected customers all used computers infected with a keystroke logger virus that collected usernames, passwords, account numbers, personal identification numbers, URL addresses, and digital certificates. The infected computers did not have anti-virus or security software of any type installed. Additionally, these customers have reported that they have been frequently experiencing spear phishing attacks, which is most likely the way that the keylogging virus software was installed. Finally we concluded that our bank's systems have not been breached and no customer data has been...

Words: 3994 - Pages: 16

Premium Essay

Tft2 Task 1

...CYBERLAW Introduction: Due to policy changes, personnel changes, systems changes, and audits it is often necessary to review and revise information security policies. Information security professionals are responsible for ensuring that policies are in line with current industry standards. Task: A. Develop new policy statements with two modifications for each of the following sections of the attached “Heart-Healthy Insurance Information Security Policy”: 1. New Users 2. Password Requirements B. Justify each of your modifications in parts A1 and A2 based on specific current industry standards that are applicable to the case study. C. When you use sources, include all in-text citations and references in APA format. A. Develop new policy statements with two modifications for each of the following sections of the attached “Heart-Healthy Insurance Information Security Policy”: 1. New Users: I would change the access from what is requested to what is required for the job and that both a supervisor and the employee sign the access sheet for a check and balance of rights to the system. I would also modify just needing a manager’s approval to grant administrator level access to requiring the manager’s and the IT director’s or HIPAA regulator’s approval. There needs to be a very good reason that is properly documented showing the need to allow administrative level access. B. Justification of the modification. Access controls provide...

Words: 662 - Pages: 3
