Part A: Data input
Problem: One of the most common problem which can arise with the data entry is the actual data input process. this can be stated as a seemingly mistake which is insignificant and can cause long term as well as short term problems leading to record which would be incorrect, disorganised and misinformation. Even the best person who is responsible for the process can indulge in a mistake concerning into the data input which in turn can cause a lot of problem relating to the working of the business (Efford 2017).
Recommendation: The person who is concerned with the data entry should be very much carefully when entering the important data. On the other hand, the use of software for example hospital management system should be incorporated which would directly reduce the human involvement and the factor is mistake in order of input of the data (Chesters, Davies and Wilson 2016).
Processing of patient records
Problem: it can be stated that the process of the patient record is very much essential from the point of view of the doctors in order to manage the patient properly. The maintenance of the record is crucial basically for two reasons. The first being that it helps the doctors in the scientific evaluation of the profile of the patient which helps them in analysing the treatment result and the second one is that the legal system mainly relies on the documentation part when any issue related to negligence of the treatment is being recorded or taken into account (Ro et al. 2016)
Recommendation: the implementation of the electronic medical record (EMR) should be incorporated which would be keeping all the details of the patient which would be directly beneficial from the point of view of the doctors and patients (Petrakaki, Klecun and Cornford 2016).
Data enquiry
Problem: The concept of the data enquiry can be directly related to the concept of the data retrieval when it is required to do so. The data entry process has a direct relation with the data enquiry. The data which is entered is only retrieved when it is required. Disorganised data can be very much time consuming on the part of the organisation which may directly lead to organisation default (Morgan et al. 2016). The record of the individual patient is very much important for the doctors as well as the organisation so any fault in it can create a serious problem.
Recommendation: The retrieval of the data during the data enquiry should be a timely process which should not involve any time lags involved in it. The use of software should be incorporated and during the time of the entry of the data it should be taken into care that the data should be stored in a organised manner so that retrieval when it is needed is not a problem (Rao et al. 2016)
Buffer overflows
Working: The buffer can be termed as a temporary area which is related to the data storage. In a situation when more data is allocated than the estimated limit it gets replaced by a program or a system process. the extra data in this case would overflow hence the name buffer overflow. In the attack of buffer overflow the extra data may sometimes hold instruction which are specific for the attacks which are intended by the hackers or the users termed as malicious users. An example of this case may be the data could trigger a direct response that mainly damage the file, unveils the information which are private and changes the data of the files (Christodorescu, Kundu and Mohindra 2017). The hackers would usually use the buffer overflow to exploit and take advantage of a program that is waiting at the point of the users input.
Control: The main control measures that can be associated with the buffer overflow are avoiding using the files which are stored in the library, filtering of the user input and testing of the applications prior to the deployment ensuring the secure coding involved in it (Alwan and Younis 2017).
SQL injection
Working: The SQL injection can be referred to as a code injection technique that mainly exploits a security vulnerability which occurs in the database layer of an application. It mainly works by injecting a SQL code in as user input in the inside of the query. The SQL injection can manipulate data by various means for example delete the data, update the data and corrupt or delete the tables which are in the database (Pearson and Bethel 2016).
Control: There are mainly options available in order to control from the attack of the SQL injections the options are.
Option 1: Prepared statement usage (with the queries which are parameterized)
Option 2: Stored procedure Usage.
Option 3: Input validation of white list.
Option 4: Escaping all the users of the supplied input (Morgan et al. 2016)
Working: The attack of the which is termed as cross site scripting can be referred mainly as a code injection which is done in the site of the client. The attack is mainly justified by the attackers executing a script which is mainly malicious which is termed as payload malicious in a website. The attackers do not directly target the victim but they tend to be vulnerable within the frame work of a website and when the user accesses the website they fall in the trap of the activity. There are mainly sector which are affected by the activity but the most important sector which can be taken into consideration is the Java script this is due to the factor that java script can be considered to be very much fundamental to most of the experiences which are related to the browsing.
Control: Cross site scripting can be summed up into two rules that can be involved in the control of the activity:
Rule 1: Insertion of the data should be avoided expect for only in allowed locations.
Rule 2: The HTML escape inserting before untrusted data into the HTML element Content (Christodorescu, Kundu and Mohindra 2017).
The ice creams Pvt LTD is a small company which mainly manufactures ice cream that are mainly sold to the restaurants throughout Australia. The company currently uses an accounting information system which is located at their own hardware location in the company premises. The main concern for the Chief Executive Officer (CEO) of the company is that, he has suggested to move the company to the cloud accounting due to the factor that concerns in the sector of risk related to the cybercrime and the CEO is very reluctant to the company’s movement towards the concept of cloud computing.
The main focus point which is mainly highlighted in the report is the concept which is involved in the term of cloud computing bringing into account the benefits which are related to the adaptation of the concept and the risk associated with it and the steps which can be included in order to reduce them.
The concept of the cloud computing can be stated as a service in order to deliver all the means of computing services such as storage, servers, database, networking, software and many more over the internet (the cloud). The companies which provide the basic framework of the cloud are called the cloud providers and they typically charge for the service which is being achieved from them (Almorsy, Grundy and Müller 2016). This is based on the concept of usage which is very much similar to the concept of the electric bill which is generated. Essentially the cloud computing is a kind of outsourcing which is related to the computer programs and the basic data which is related to the business. Using the concept, the user of the cloud computing is able to access the applications and the software from anywhere they need the access and at any time when they need to do so, this is mainly achieved from tye service which is provided by the third party which is technically termed as the cloud providors. The overall result which can be seen by the movement to the concept of the cloud is the burden which is related to the hardware and the software is kept in the part of the cloud providers and the organisation can lend its direct concern towards more important organisational matters. (Rittinghouse and Ransome 2016).
Cloud computing can be stated as a big shift from the traditional thinking of the business concept when relating to the concept of the Information technology (IT) resources. The common benefits which can be achieved by a business turning to the cloud computing services are stated below:
The cloud computing provides a number of benefits to the organisation but on the other hand there are risk also which are associated with the concept. The risk of the cloud computing is broadly described below:
When moving towards the concept of the cloud computing the following measures would directly reduce the risk associated with the concept.
Conclusion
The concept of cloud computing in the first hand can be stated as very much challenging bringing into account the different challenges which are guided with the implementation. The challenges can be omitted merely by ensuring some of the simple security mitigation strategies and the whole benefit of the concept can be achieved. It can also be started that the movement towards the cloud lessen the burden aspect which is relating to handling of the hardware and the software issue of the organisation due to which the organisation can focus more on business oriented goals.
References
Almorsy, M., Grundy, J. and Müller, I., 2016. An analysis of the cloud computing security problem. arXiv preprint arXiv:1609.01107.
Alwan, Z.S. and Younis, M.F., 2017. Detection and Prevention of SQL Injection Attack: A Survey.
Chesters, A., Davies, G. and Wilson, A., 2016. Four years of pre-hospital simple thoracostomy performed by a physician-paramedic helicopter emergency medical service team: A description and review of practice. Trauma, 18(2), pp.124-128.
Christodorescu, M., Kundu, A. and Mohindra, A., International Business Machines Corporation, 2017. System and method for protection from buffer overflow vulnerability due to placement new constructs in C++. U.S. Patent 9,600,663.
Efford, M., 2017. Data input for secr.
Gupta, S. and Gupta, B.B., 2016. XSS-SAFE: a server-side approach to detect and mitigate cross-site scripting (XSS) attacks in JavaScript code. Arabian Journal for Science and Engineering, 41(3), pp.897-920.
Gupta, S. and Gupta, B.B., 2017. Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. International Journal of System Assurance Engineering and Management, 8(1), pp.512-530.
Hwang, K., 2017. Cloud and Cognitive Computing: Principles, Architecture, Programming. MIT Press.
Morgan, A.S., Marlow, N., Costeloe, K. and Draper, E.S., 2016. Investigating increased admissions to neonatal intensive care in England between 1995 and 2006: data linkage study using Hospital Episode Statistics. BMC medical research methodology, 16(1), p.57.
Pearson, E. and Bethel, C.L., 2016. A design review: Concepts for mitigating SQL injection attacks. 4th Internatinal Symposum on Digital Forensic and Security (ISDFS).
Petrakaki, D., Klecun, E. and Cornford, T., 2016. Changes in healthcare professional work afforded by technology: The introduction of a national electronic patient record in an English hospital. Organization, 23(2), pp.206-226.
Rao, J., He, Z., Xu, S., Dai, K. and Zou, X., 2016. BFWindow: Speculatively Checking Data Property Consistency against Buffer Overflow Attacks. IEICE TRANSACTIONS on Information and Systems, 99(8), pp.2002-2009.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation, management, and security. CRC press.
Ro, Y.S., Do Shin, S., Lee, Y.J., Lee, S.C., Song, K.J., Ryoo, H.W., Ong, M.E.H., McNally, B., Bobrow, B., Tanaka, H. and Myklebust, H., 2017. Effect of dispatcher-assisted cardiopulmonary resuscitation program and location of out-of-hospital cardiac arrest on survival and neurologic outcome. Annals of emergency medicine, 69(1), pp.52-61.
Talluri, S., 2016. Novel Techniques In Detecting Reputation based Attacks And Effectively Identify Trustworthy Cloud Services. IJSEAT, 4(6), pp.287-289.
Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X. and Ren, K., 2016. A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), pp.2594-2608.
Yadav, D.S. and Doke, K., 2016. Mobile Cloud Computing Issues and Solution Framework.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download