Health Software Solution is a medium sized company that consists of 110 employees and has a record for the production of innovative health care solution in the health industry. It operates in Australia and New Zealand and have a 24 hours online help desk service. The company needs to build a new office and thus a network solution is required to be implemented to connect the information system, customer service and the workers working remotely. The risk associated with the proposed network is analyzed and documented in the risk assessment report.
The main objectives of the report are as follows:
The document provides a brief overview of the process that is involved in analyzing the risk and the threats arising in the system. There are different methodologies that are used for analyzing the risk associated with the project. The main outcome of the risk assessment report is to provide recommendation about the different risk found in the system and maximize the protection and confidentiality of the system.
For the determination of the risk associated with the eHealth software solution a risk assessment model is deployed for classifying the different risk found in the system.
Risk = Likelihood of the threat x Impact magnitude
The major business process associated with the network security threats of the eHealth software solutions is that there is no firewall or antivirus software used for the network. The identified risk can be categorized into different categories like physical environment, software, hardware and data related risk. The major business processes are identified which is associated with the network framework and they are categorized as high medium and low.
|
Risk Description |
Priority levels |
Relevant risk |
Risk cause |
Mitigation |
|
The loss of integrity and confidentiality or unavailability of the network resources has a severe impact on the organizational growth and individuals accessing the organizational resources for improving the productivity of the organization (Acemoglu, Malekian and Ozdaglar 2016). The malicious attacks from intruders and hackers having access to the sensitive organizational information can have a serious effect on the network and thus there is a high risk of data loss in the organization. |
High |
It causes risk for the physical environment and the data |
Sabotage and malicious attacks |
The web server must be configured properly or else it may be used for carrying malicious codes for attacking the end user systems (Fragkiadakis, Tragos and Askoxylakis 2013). The malicious codes can also fetch all the data and fool the user. The inappropriate formulation of the passwords can help the hacker to easily crack the password using brute force attack to enter into the network and gain access of the current network components (Jouini, Rabai and Aissa 2014). |
|
Drop in the network performance and high demand for a resource is included as a medium risk occurring in the organization. Significant loss of the organization and delay in the dispatch of the software product also causes medium risk for the organization (Fragkiadakis, Tragos and Askoxylakis 2013). The accessibility of the organizational assets from any geographical location and restriction of the users accessing the organizational resources is also important and acts as a factor of risk. |
Medium |
It causes risk for the hardware and the software |
Sabotage attacks |
There are different unnecessary services that are running on the servers like SNMP, FTP and TELNET that can cause the hackers to find ways to intrude into the system and thus causing a risk for the organization regarding the theft of the sensitive organizational information. The web request information is not validated without used by the web application and the hackers can use this flaws for attacking the backend components using the web service. |
|
Minor damage to the organizational assets and financial loss of the organization due to failure of the security and the availability of the network is considered as low risk for the organization (Lin 2015). |
Low |
It causes risk for the physical environment of the organization |
Accidents and personnel factors |
The network must be monitored by the network administrators and the resources must be secured with the application of proper authentication. |
A network security plan is required to be prepared for securing the network components to be used by the hacker for unfair or illegal activities. The database and the application servers must be installed in a server room and it should be protected from any physical access. The routers connecting the servers with the different hosts must be configured with proper authentication levels and protocols (Kumar et al. 2016). The users of the network must be restricted from accessing all the resources and different services like AD, DNS, DHCP, Web, FTP, VPN, File Storage and SQL must be configured with the server for increasing the efficiency of the system. The following vulnerability and threat is identified for the system.
The risks are analyzed after categorizing them into physical security, hardware security, communication and data storage.
Physical Security- The data storage room is on the ground floor and the entry of any unauthorized personnel must be restricted to the data storage room. The IT and the help desk room is on the level 2 and more time would be required for the employees to reach the helpdesk and solve their problem in the network.
Hardware Security- The server room should be kept air conditioned and the network administrator is responsible to maintain and update the hardware for keeping it upto date and defend against any kind of sabotage attacks.
Communication- The customer service employees must be involved for taking feedback about the requirement of the network. A self assessment questionnaires is used that assists the team to identify the risk associated with the system. the eHealth security policy is analyzed by the security team and they are documented and aligned with the current system policies for reviewing. Interviews were conducted with the different stakeholders for understanding the system and validate the gathered information regarding the system (Lin 2015).
Data Storage- The database administrator is responsible to secure the data residing in the database of the organization. Different security testing tools are used for reviewing the configuration of the system and identifying the risk associated with the system. The tools used for analyzing the risk are as follows:
The physical devices and the servers were analyzed and the environment in which the devices were installed were also analyzed for finding the physical threats associated with the system. The data flow of the network is assessed for understanding the control point of the network and the transaction for each of the connection is analyzed.
The major features of the windows built in firewall are as follows:
The risk identified from the above risk analysis on the eHealth the implementation of the windows firewall can mitigate the risk and secure the current network of the organization. This is because it contains the firewall philosophy and the permitted communication and access policy that defines the rights to access based on the levels of the employees accessing the resources. The security threats are also defined and also respond for the attacks. The firewall philosophy, acts as a communication link between the firewall and the factors that affects the deployment of the successive IT personnel’s (Xu 2016). It acts as a guide for the deployment and maintenance of the firewall.
The kaspersky firewall solution can be compared with the Microsoft inbuilt firewall of the Windows server 2012 R2. It have the same functionality as of the windows firewall but all the features comes in an application interface and it is easy to manage the different network protocols using the software interface. The kaspersky firewall cannot block the outgoing connection according to different network protocol like FTP or SMTP (Drumm et al. 2016). The windows firewall is the best solution suited for eHealth for managing their network and handle the request from the client and the nodes. Additional security zones must be created with the addition of private network for connecting the internal components.
References
Acemoglu, D., Malekian, A. and Ozdaglar, A., 2016. Network security and contagion. Journal of Economic Theory, 166, pp.536-585.
Drumm, O., Lutz, B., Palmin, A. and Wolf, G., Siemens Aktiengesellschaft, 2016. Planning and Engineering Method, Software Tool and Simulation Tool for an Automation Solution. U.S. Patent Application 15/083,525.
Fragkiadakis, A.G., Tragos, E.Z. and Askoxylakis, I.G., 2013. A survey on security threats and detection techniques in cognitive radio networks. IEEE communications surveys and tutorials, 15(1), pp.428-445.
Golriz, A. and Jaber, N., 2015, October. A High Assurance Firewall in a Cloud Environment Using Hardware and Software. In International Telemetering Conference Proceedings. International Foundation for Telemetering.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in information systems. Procedia Computer Science, 32, pp.489-496.
Kumar, M., Kaur, N., Kaur, S. and Singh, R., 2016. Different Security Threats and its Prevention in Computer Network. International Journal of Advanced Research in Computer Science, 7(6).
Lin, D., Emc Corporation, 2015. Anomaly detection system for enterprise network security. U.S. Patent 9,112,895.
Pierson, G. and DeHaan, J., Iovation, Inc., 2015. Network security and fraud detection system and method. U.S. Patent 9,203,837.
Xu, Z.X., 2016. Practices to Administration of Windows Server 2012 and 2012 R2. Scholar Works, SJSU.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download