NETWORK SECURITY:
This work consists of a three-part project. You will be a security analyst working for Northwest Shelbyville Regional Hospital (NWSRH). This will be a multipart project where you will:
PART ONE
1. Write a Vulnerability Memo.
For this assignment, you will select and research two networked internet of things (IoT) OR internet of medical things (IoMT) devices with publicly known security vulnerabilities.
For this section, check the internet and the Common Vulnerabilities and Exposures (CVE) List for networked IoT OR IoMT devices with publicly known problems identified in the past six months.
Select two devices that might be relevant to the organization's setting and review what is known about the vulnerabilities of these devices.
For each device, include background information about the device, a description of the vulnerability, possible solutions that have been identified to fix the vulnerability, and your recommendation on whether the organization should avoid the product.
NB: Follow these steps.
Device 1: [device name]
Include:
· 1-2 brief paragraphs of background information about the device
· CVE ID (the number portion of a CVE Entry, for example, “CVE-1999-0067”) and description of the known vulnerability
· Description of possible solutions or resolutions of the vulnerability
· Your recommendation to the hospital including whether the organization should avoid using the product or what alternative solutions should be used.
PART TWO
2. Create a Physical Security Plan.
For this assignment, you will make recommendations for ensuring the physical security of the hospital exterior, lobby, and maternity unit.
Instructions.
Go to the Physical Security Plan Assignment Resources page.
Download the maps. I WILL UPLOAD THE MAPS FOR YOU SEPARATELY.
For each map, click the icons in the map key and drag them to the place on the map you believe they should be located. If you want to place an icon multiple times, you can copy it by right-clicking or selecting it and clicking CTRL+C.
Then answer the follow-up questions in the Physical Security Plan Template.
HERE ARE THE QUESTIONS BELOW.
Physical Security Plan Template
Exterior
· Why did you propose the lighting where you did?
· When placing the parking lots, what factors did you consider?
· Why did you place cameras where you did?
Lobby
· What kind of windows are required? What kind of access control security are you providing for the visitor, employee, and patient?
· What kind of information would you collect from all nonemployees to enter the hospital for security reasons?
· What kind of security would you have at the door? (physical, ID badges, cameras)
Maternity Unit
· From a security perspective, why is the placement of the nurses’ station important?
· For security reasons, why do you encourage visitors to stay in designated areas or tell them where to go? (for example, signs, maps, paths, etc.)
· How do you secure the newborns from potential abduction and accidental switching?
· Would different secondary ID badges for maternity ward employees be recommended and why?
Security Training
· What kind of security training would you offer to employee staff, and how often would it take place? Why?
· Would the training be different for each group? How?
PART THREE
3. Design a HIPAA, PII, and PHI Training.
Here, you create a narrated PowerPoint presentation for an employee HIPAA training that addresses the administrative, physical, and technical security of personal health information.
The human resource department is updating its HIPAA Basic Training for Privacy and Security course. As a security analyst for the hospital, you have been tasked with covering the topics in the training related to the HIPAA security rule and the information that hospital staff need to know regarding personally identifiable information (PII), personal health information (PHI), and electronic personal health information (ePHI) to comply with federal regulations.
The presentation should include voice overlays as narrative for each slide. Include one to two slides explaining the following:
· HIPAA Security Rule
· HIPAA, PII, PHI, and ePHI Definitions
· Safeguarding of PII, PHI, and ePHI
· Disclosures of PII, PHI, and ePHI
Exterior
Icons can be moved or copied to the desired location on the maps.
Fences can be drawn using the shapes/lines/freeform tool.
Exterior Instructions including visitor parking garage, staff parking lot, and the hospital's emergency entrance, stairs, wheelchair ramps, and staff entrance.
Lobby
Lobby Instructions including entrance door, vending area, front desk, administrative suite, registration admitting / waiting area, gift shop, restrooms, stairs, elevator, and hallway to the East wing.
Icons can be moved or copied to the desired location on the map.
Maternity Unit
Maternity Unit Instructions including waiting room, reception counter, elevators, stairs, vending area, public rest rooms, storage, nursing office, meeting room, training room, C-section surgical suite, labor and delivery suite, supply closets, patient rooms, nursery with doorway requiring card entry, snack/water station, utility room, and hallway/staff entrance.
Icons can be moved or copied to the desired location on the map.