The Technical Report and Executive Summary
Technical report: Your report should be a 6-7 page double-
spaced Word document with citations in APA format. The page
count does not include figures, diagrams, tables or citations.
The technical report: Provide recommendations for access
control and authentication mechanisms to increase the security
within the identity management system. Review the mission and
organization structure of this healthcare organization. Review
the roles within the organization, and recommend the accesses,
restrictions, and conditions for each role. Present these in a
tabular format as part of your list of recommendations.
Provide a comparison of risk scenarios to include the following:
1. What will happen if the CIO and the leadership do nothing,
and decide to accept the risks?
2. Are there possible ways the CIO can transfer the risks?
3. Are there possible ways to mitigate the risks?
4. Are there possible ways to eliminate the risks?
5. What are the projected costs to address these risks?
Provide an overall recommendation, with technical details to the
director of IT.
The executive summary: In addition to your technical report,
also create a nontechnical report as an executive summary. This
should be a 2-3 page double-spaced Word document.
Scenario
You are a systems administrator in the IT department of a
major metropolitan hospital. Your
duties are to ensure the confidentiality, availability, and
integrity of patient records, as well as
the other files and databases used throughout the hospital. Your
work affects several departments, including Human Resources,
Finance, Billing, Accounting, and Scheduling. You
also apply security controls on passwords for user accounts.
Just before clocking out for the day, you notice something
strange in the hospital's computer
system. Some person, or group, has accessed user accounts and
conducted unauthorized activities. Recently, the hospital
experienced an intrusion into one of its patients' billing accounts.
After validating user profiles in Active Directory and matching
them with user credentials, you
suspect several users' passwords have been compromised to gain
access to the hospital's computer network. You schedule an
emergency meeting with the director of IT and the hospital
board. In light of this security breach, they ask you to examine
the security posture of the hospital's
information systems infrastructure and implement defense
techniques. This must be done quickly, your director says. The
hospital board is less knowledgeable about information system
security. The board makes it clear that it has a limited
cybersecurity budget. However, if you can
make a strong case to the board, it is likely that they will
increase your budget and implement
your recommended tool companywide.
You will share your findings on the hospital's security posture.
Your findings will be brought to the director of IT in a technical
report. You will also provide a nontechnical assessment of the
overall identity management system of the hospital and define
practices to restrict and permit access to information. You will
share this assessment with the hospital board in the form of a
narrated slide show presentation.
You know that identity management will increase the
security of the overall information system's
infrastructure for the hospital. You also know that, with a good
identity management system, the
security and productivity benefits will outweigh costs incurred.
This is the argument you must make to those stakeholders.
Step 1: Defining the Information System Infrastructure
Select a hospital or healthcare organization to research. You
may choose an organization you are familiar with or can readily
obtain information about. To maintain confidentiality, you do
not need to mention the name of the organization. You may also
choose a hypothetical/fictitious healthcare organization.
Several healthcare organizations that have suffered major
security breaches have been researched extensively by others.
1. Describe the organization and structure including the
different business units and their functions. You may use an
organizational chart to provide this information.
2. Choose one or more mission-critical systems of the
healthcare organization. Define the information protection
needs for the organization's mission-critical protected health
information (PHI). This information is stored in database
medical records for doctors, nurses, and insurance claims
billing systems, which are used to fulfill the organizational
information needs.
3. Define the workflows and processes for the high-level
information systems that you have just identified that will store
PHI. Workflows and processes for healthcare organizations
define how the organization gets its work done. They describe
the movement of patient information to the business units that
have needs to process and manage that information, from billing
to physician care. All these organizations have hardware and
software implementations of their information systems, and it is
critical to understand these components, and how they are
connected (known as their topology), so the appropriate
protections can be applied. Your research may produce
instances and examples of how an information system is
connected, to include cybersecurity components like firewalls,
in the information system and network diagram. Be sure you
understand the benefits and weaknesses for the different
network topologies.
You may incorporate what you find in your research, in your
definition for workflows and processes for the high-level
information systems and provide explanation of how that
topology fulfills the mission for the health care organization.
Your definition should include a high-level description of
information systems hardware and software components and
their interactions.
· Information systems hardware
· Information systems software
Supply this information as a diagram with inputs, outputs, and
technologies identified. Consider how you might restrict access
and protect billing and PHI information.
4. Also include the following definitions:
· Open Systems Interconnections (OSI) Model
· TCP/IP protocols
· network protocols
Step 2: Threats
Now that you have defined the hospital's information system
infrastructure, you will have to understand the threats
to those systems and describe the types of measures that could
address those threats. In this section, you will learn about
different types of identity access management solutions and how
they protect against the threat of unauthorized access.
To complete this section of the report, you’ll brush up on your
knowledge of threats by reading the following resources: web
security issues, insider threats, intrusion motives/hacker
psychology, and CIA triad. Take what you learned from these
resources to convey the threats to the hospital's information
systems infrastructure. Include a brief summary of insider
threats, intrusion motives, and hacker psychology in your report
as it relates to your hospital data processing systems. Relate
these threats to the vulnerabilities in the CIA triad.
This section of your report will also include a description of the
purpose and components of an identity management system to
include authentication, authorization, and access control.
Include a discussion of possible use of laptop devices by
doctors who visit their patients at the hospital, and need access
to hospital PHI data.
You will include the following information in your report:
1. Authorization
2. Access control
3. Passwords
4. Multi-factor authentication
Define the types of access control management to include
access control lists in operating systems, role-based access
controls, files, and database access controls. Define types of
authorization and authentication and the use of passwords,
password management, and password protection in an identity
management system. Describe common factor authentication
mechanisms to include multi-factor authentication.
Step 3: Password Cracking Tools
You have successfully examined the threats to a healthcare
organization's information systems infrastructure. Now, you
must begin your research into password cracking software. Do
some quick independent research on password cracking as it
applies to your organization.
Not all password cracking tools will necessarily perform with
the same speed, precision, and results, making it important to
test a few different products. Compare the password cracking
tools (Cain & Abel and Ophcrack) based on these
characteristics, and include the comparison as part of your assessment and
recommendations on the use of such tools. You will test the
organization's systems for password strength and complexity
and complete validation testing. You will compare the results
obtained from your first and second tool.
You have tested and made comparisons of the performance of
various password cracking tools and you have the data to
support your recommendations for the use of such tools.
Assignment Details
In Unit 2, you have learned about three different types of
distributions: Normal, binomial, and Poisson. You can take data
that you collect and plot it out onto graphs to see a visual
representation of the data. By simply looking at data on a
graph, you can tell a lot about how related your observed data
are and if they fit into a normal distribution.
For this submission, you will be given a series of scenarios and
small collections of data. You should plot the data or calculate
probabilities using Excel. Then, you will create your own real or
hypothetical scenario to graph and explain.
Answer the following:
· The mean temperature for the month of July in Boston,
Massachusetts is 73 degrees Fahrenheit. Plot the following data,
which represent the observed mean temperature in Boston over
the last 20 years:
Year   Mean July temperature (°F)
1998   72
1999   69
2000   78
2001   70
2002   67
2003   74
2004   73
2005   65
2006   77
2007   71
2008   75
2009   68
2010   72
2011   77
2012   65
2013   79
2014   77
2015   78
2016   72
2017   74
a. Is this a normal distribution? Explain your reasoning.
b. What is an outlier? Are there any outliers in this distribution?
Explain your reasoning fully.
c. Using the above data, what is the probability that the mean
will be over 76 in any given July?
d. Using the above data, what is the probability that the mean
will be over 80 in any given July?
· A heatwave is defined as 3 or more days in a row with a high
temperature over 90 degrees Fahrenheit. Given the following
high temperatures recorded over a period of 20 days, what is the
probability that there will be a heatwave in the next 10 days?
Day   High temperature (°F)
1     93
2     88
3     91
4     86
5     92
6     91
7     90
8     88
9     85
10    91
11    84
12    86
13    85
14    90
15    92
16    89
17    88
18    90
19    88
20    90
· Customer surveys reveal that 40% of customers purchase
products online versus in the physical store location. Suppose
that this business makes 12 sales in a given day.
a. Does this situation fit the parameters for a binomial
distribution? Explain why or why not.
b. Find the probability that, of the 12 sales on a given day, exactly 4
are made online.
c. Find the probability that, of the 12 sales, fewer than 6 are made
online.
d. Find the probability that, of the 12 sales, more than 8 are made
online.
Your own example:
· Choose a company that you have recently seen in the news
because it is having some sort of problem or scandal, and
complete the following:
· Discuss the situation, and describe how the company could use
distributions and probability statistics to learn more about how
the scandal could affect its business.
· If you were a business analyst for the company, what research
would you want to do, and what kind of data would you want to
collect to create a distribution?
· Would this be a standard, binomial, or Poisson distribution?
Why?
· List and discuss at least 3 questions that you would want to
create probabilities for (e.g., What is the chance that the
company loses 10% of its customers in the next year?).
· What would you hope to learn from calculating these
probabilities?
· Assuming that upper management does not see the value in
expending the time and money necessary to collect data to
analyze, make an argument (at least 100 words) convincing
them that the expenditure is necessary and explaining some
dangers the company could face by not knowing what the data
predict.