Security Recommendations for
NewEngland Hospital
Briefing the Board of Directors on current cyber risks and secure
improvement plans.
Presented by Lopsang Lama (15760575)
Module Code: 402IT
2.
Introduction
Patient Safety
Information security is vital to ensure
patient safety, trust, and operational
continuity.
Current Vulnerabilities
Outdated systems (Windows XP), weak
authentication without MFA, and web app
vulnerabilities pose high risks.
Our Mission
This presentation addresses
necessary improvements to maintain
secure, trusted healthcare services.
3.
Key Vulnerabilities
Threat                         Risk Level
Legacy Systems (Windows XP)    High
No MFA                         High
No Encryption                  High
Web App Vulnerabilities        Medium
4.
CIA Triad
Confidentiality
Patient data accessible by external pharmacies
over the public internet, without a VPN or encryption.
Integrity
Potential alteration of medical records via
unsecured, unpatched systems.
Availability
Legacy systems at risk of ransomware and
downtime.
5.
Recommended Security
Architecture
Standards Alignment
ISO/IEC 27001 (ISMS requirements; the BS EN ISO/IEC 27001:2017 edition cited here has since been superseded by ISO/IEC 27001:2022) and ISO/IEC 27002 controls.
Access Control
Implement Role-Based Access Control via Active Directory security groups, so permissions follow job role rather than individual.
Network Segmentation
Use VLANs, with firewall rules between them, to separate critical clinical systems from general user and guest networks.
Legacy Isolation
Place outdated systems (Windows XP) on their own VLAN or sandbox with no internet access and only the specific flows they need allowed.
6.
Key Technologies to Implement
MFA
Prevents unauthorized access with stolen or guessed passwords, addressing the login weakness.
Firewall & IDS/IPS
Filters traffic at segment boundaries; the IDS/IPS alerts on and blocks known attack patterns against the internet-facing web applications.
VPN
Secures remote access for pharmacy connections, so patient data is no longer exposed on the open internet.
Endpoint Security
Protects devices from malware and ransomware.
Cloud Security Implications
Risks
• Misconfigured storage (publicly readable patient records)
• Insider threats
• Unclear shared responsibility between hospital and provider
Mitigations
• IAM least privilege
• Encryption at rest and in transit
• Audit logging (AWS CloudTrail / Azure Monitor)
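As an added example (not part of the original presentation), the check below takes an AWS-style storage bucket policy and flags the patterns that break least privilege: wildcard actions, resource "*", a public principal, and no statement that denies plaintext (non-TLS) access. The account ID, role name, bucket name and both policies are constructed for illustration; the weak policy is what "misconfigured storage" looks like, the hardened one is what the mitigations above look like in practice.

```python
"""Least-privilege linter for cloud IAM / bucket policy documents.

Added example, not from the original slides. Policies, account ID,
role and bucket names are constructed for illustration only.
"""
import json

APP_ROLE = "arn:aws:iam::123456789012:role/HospitalApp"   # constructed
BUCKET = "arn:aws:s3:::newengland-patient-records"         # constructed

# Misconfigured storage: any S3 action on any resource for the app role,
# plus anonymous read of every patient record, and nothing forcing TLS.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": APP_ROLE},
         "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
    ],
}

# Least privilege: only the two actions the app needs, only on this
# bucket's objects, only for the app role, and plaintext access denied.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": APP_ROLE},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": BUCKET + "/*",
         "Condition": {"Bool": {"aws:SecureTransport": "true"}}},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": [BUCKET, BUCKET + "/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Principal fields."""
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for the anonymous principal '*' or {'AWS': '*'}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _enforces_tls(statements):
    """True if some Deny statement blocks requests made without TLS."""
    for stmt in statements:
        if stmt.get("Effect") == "Deny":
            cond = stmt.get("Condition", {}).get("Bool", {})
            if str(cond.get("aws:SecureTransport", "")).lower() == "false":
                return True
    return False


def find_violations(policy):
    """Return human-readable least-privilege findings for one policy."""
    findings = []
    statements = _as_list(policy.get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot over-grant
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        # Some list-style actions legitimately need '*'; treat it as a
        # finding to review rather than an automatic block.
        if "*" in resources:
            findings.append(f"statement {i}: resource '*' (scope to an ARN)")
        if _is_public(stmt.get("Principal")):
            findings.append(f"statement {i}: public principal granted {actions}")
    if not _enforces_tls(statements):
        findings.append("no Deny for aws:SecureTransport=false (plaintext access allowed)")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(find_violations(policy), indent=2))
```

Running it lists four findings for the weak policy and none for the hardened one; the same check can be run over every policy in an account from the audit-logging pipeline so a regression is caught before data is exposed.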
9.
Legal, Ethical & Social
Considerations
Legal
UK GDPR and Data Protection Act 2018 compliance requirements.
Ethical
Public trust, transparency, respectful data handling.
Social
Digital inclusion and secure pharmacy integration.
10.
Future Improvements
Staff Training
Cybersecurity awareness training for all hospital personnel.
Regular Testing
Schedule penetration testing at least annually, and after major system changes, to identify vulnerabilities.
Incident Response
Establish, and regularly exercise, incident response and disaster recovery plans.
Advanced Monitoring
Deploy SIEM for log correlation and alerting across the VPN, Active Directory, and cloud audit logs.
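The kind of correlation rule a SIEM would run over the VPN gateway's authentication log, as an added example that is not part of the original presentation. The log format, hostnames, usernames and IP addresses are constructed; the rule raises an alert when one source address fails five times within two minutes and then succeeds (brute force that worked), and when one source fails against five different accounts in the window (password spraying against the pharmacy logins).

```python
"""Failed-login correlation over constructed VPN gateway log lines.

Added example, not from the original slides. The log format and every
host, user and address in SAMPLE_LOGS are made up for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth=(?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: a stale failure outside the window, a normal login,
# a 5-failure brute force that then succeeds, a spray over five pharmacy
# accounts, one ordinary typo, and a line that does not parse.
SAMPLE_LOGS = """\
2024-05-01T07:30:00Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:00:00Z vpn-gw auth=success user=nurse.ab src=10.20.0.5
2024-05-01T08:01:00Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:01:05Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:01:10Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:01:15Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:01:20Z vpn-gw auth=failure user=admin src=203.0.113.7
2024-05-01T08:01:25Z vpn-gw auth=success user=admin src=203.0.113.7
2024-05-01T08:05:00Z vpn-gw auth=failure user=pharmacy1 src=198.51.100.9
2024-05-01T08:05:02Z vpn-gw auth=failure user=pharmacy2 src=198.51.100.9
2024-05-01T08:05:04Z vpn-gw auth=failure user=pharmacy3 src=198.51.100.9
2024-05-01T08:05:06Z vpn-gw auth=failure user=pharmacy4 src=198.51.100.9
2024-05-01T08:05:08Z vpn-gw auth=failure user=pharmacy5 src=198.51.100.9
2024-05-01T08:06:00Z vpn-gw auth=failure user=nurse.cd src=10.20.0.5
this line is malformed and must be ignored
""".splitlines()

FAIL_THRESHOLD = 5          # failures from one source before we care
WINDOW = timedelta(minutes=2)


def parse(line):
    """Return a dict for a well-formed line, None for anything else."""
    match = LOG_LINE.match(line)
    if not match:
        return None
    event = match.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def correlate(lines):
    """Sliding-window correlation keyed on source address."""
    alerts = []
    sprayed = set()                      # sources already reported for spraying
    recent = defaultdict(deque)          # src -> (ts, user) failures in window
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    for ev in events:
        window = recent[ev["src"]]
        while window and ev["ts"] - window[0][0] > WINDOW:
            window.popleft()             # expire failures older than WINDOW
        if ev["result"] == "failure":
            window.append((ev["ts"], ev["user"]))
            users = {u for _, u in window}
            if (len(window) >= FAIL_THRESHOLD and len(users) >= FAIL_THRESHOLD
                    and ev["src"] not in sprayed):
                sprayed.add(ev["src"])
                alerts.append({"type": "password_spray", "src": ev["src"],
                               "users": sorted(users), "at": ev["ts"]})
        else:
            if len(window) >= FAIL_THRESHOLD:
                alerts.append({"type": "brute_force_success", "src": ev["src"],
                               "user": ev["user"], "failures": len(window),
                               "at": ev["ts"]})
            window.clear()               # a success resets the counter
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

The successful brute force is the alert that matters most: with MFA in place a guessed password alone should not produce an `auth=success`, so this alert also doubles as a check that MFA enforcement has not been bypassed or left off an account.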