Assignment 2: An Information Security Project

     On September 24, 2010, a laptop was stolen from an unlocked Urology office at the Henry Ford Health Systems hospital. The laptop did contain password protection software; however, it may not have been enough to permit access if the thief had advanced knowledge in computers. Additionally, the information stored on the laptop did not include social security or health insurance information, but instead held “patient names, medical record numbers, dates of birth, telephone numbers, e-mail addresses, and treatment and doctor visits” (Moscaritolo, 2010, p. 1). It is unknown how many records were contained on the laptop, but all records were related to prostate services that were provided during an eleven year span.

The following document shall serve as the RFP (Request for Project) for the Patton-Fuller Community Hospital. Team A has researched the hospital’s current IT systems seeking ways to ensure many years of continued success and compliance with the very best practices in the IT community today. Specific areas such as networking architecture design and the future proofing of the design for speed, accuracy, and security of the system shall be discussed as part of this RFP. Special consideration was given to the sensitive nature of the security surrounding patient information while

Using proxy software Burp Suite it was discovered that the shopping site contained a hidden form field that could be manipulated.

To start off with I chose to go with our banking or financial industry. The banking industry is constantly getting attacked by various methods on a daily basis. I chose this industry because I happen to know someone who works in the security sector at Wells Fargo Bank, he was a good person to get information on what he sees on a daily or weekly basis. This paper is the opinion of myself and with gathered information from various resources.

The framework of security policy is defined to construct a structure by the help of which policy gaps can be identified in an easy manner. A system specific policy would assist to ensure that all employees and management comply with the policies. This is also used to maintain the confidentiality for user authentication would assist in the confidentiality aspect of security, maintain integrity (There are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data’s accuracy and maintain its integrity.), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline

P1: explain the impact of different types of threat on an organization Introduction: I will be explaining the impacts of different threats such as Malicious damage including viruses, hackers etc. on an organization in the first part. This part will include why and what malicious damage is and I will write the meaning of each different type of damaging a system. The second part will include the different threats related to e-commerce which will also include three different parts from website defacement to service attack. This will then lead to counterfeit goods where I will talk in detail of how it can affect your system and how some software’s are sold which are fake and can damage your system greatly.

Computer security is the security applied to the computers and their networks including the internet. Physical security and information security are the two types of computer securities which prevent theft of equipment and data. (Man, 2015).

Members of the Emergency Management Team or Team Coordinators will instruct all individuals to evacuate at Rally Point “X” located behind the church through word of mouth.

Dr. Blahblah has implemented a system with an 8-bit random canary that is used to detect and prevent stacke-based buffer overflow attacks. Describe an effective attack against Dr. Blahblah’s system and analyse its likelihood of success.

Following the security breach that this corporation they had investigation into what happened in the security breach they need to find out who was involve in the breach . I need to also let the manage of the corporation know what was going on and what kind of plan I have come up with to deal with this. I have to determined if this breach is of the appropriate magnitude, if I need to share it with press or not . As the tech for the information system department at this corporation .I need to make sure that I will give notify the department in which the breach happened. I will provide a brief description of the security breach that happened. I also need to make sure that I compromised shall be notified in the most expedient time as possible

Having a security access control in place within an IT company will play a vital role in knowing who is where within the entire organization. Therefore, it is necessary to define the credentials required within the organization and to implement them consistently and diligently throughout the

Faults are a precise interaction of hardware and software that can be fixed given enough time.

A threat agent is the facilitator of an attack however; a threat is a constant danger to an asset.

A Systems Approach to Conduct an Effective Literature Review in Support of Information Systems Research

In as much as we understand the problem domain it is necessary to understand the core concepts of computer security. Stewart et al (2008), discusses the main objectives of security as seen through the CIA Triad: Confidentiality, Integrity and Availability. The most important of these from the perspective of health data in medical practice is confidentiality. Confidentiality of information is paramount when dealing with medical information. This project will attempt to understand the state of confidentiality, availability and integrity in the surveyed hospitals.