Here are the weekly assignments, one for each week, which will contribute to the Final Project. Each question assignment will be between 250-350 words.
· Question 1 – Develop your network boundary based on the requirements provided, see Appendix A of the syllabus. Follow the assignment in Appendix A. You will need to draw the network boundary and provide a detailed network description of the network boundary.
· Question 2 – Describe the security and privacy requirements for the network boundary. This is a physician’s office, so please describe the HIPAA security and privacy requirements you need to follow for your network boundary. Use the HIPAA, HITECH, and Omnibus Laws to help you create HIPAA security and privacy requirements.
· Question 3 – We need to ensure the physician’s office is secure and the HIPAA data is protected. Read NIST SP 800-53 rev 4. How can this document help you ensure your physician’s office is secure? Out of the 18 control families, pick two control families and address the controls in complete sentences for your network boundary.
· Question 4 – We need to ensure the network boundary is hardened. Please review the DOD STIG for Oracle 12. Select 20 controls and address how the Oracle server has been hardened in the physician’s office.
· Question 5 – We are preparing for an audit of the system for HIPAA compliance. What are all of the documents we will need to have prepared for the upcoming audit? Please explain why each document is important. What scans should you run on the system? Please describe each scan and on which systems the scan ought to be run.
· Question 6 – The auditors have finished their assessment. In Appendix B, we have the findings from the audit. Please address in detail how each finding should be mitigated. Match up each control to the SP 800-53 control family and control number.
· Question 7 – The physician’s office now wants to add tele-medicine to the functionality of their network. Explain in great detail (500 words or more) how this will impact the physician’s office and what we need to do from an information assurance perspective. Make sure you include change management in this discussion.
· Question 8 – Write a conclusion: a 500-word narrative explaining why information security is important in the healthcare field. Cite Scripture to demonstrate your understanding of how faith integrates with the information technology and healthcare fields. Check to ensure that APA format has been used and you have at least 14 peer-reviewed references.
Information Assurance Project
In order to understand the practical impact of Information Assurance, we will work on a project over the next 8 weeks. One of the major requirements in information assurance is documentation and being able to articulate your understanding of a security requirement or control. Please design a network for a hypothetical physician’s office and provide a network description with the following:
1 Server with Scheduling software (pick one)
1 Server for billing (pick one)
1 Server with a database for patient data – Oracle 12
1 Server for email – Microsoft Exchange Email
The office has 10 patient rooms with a desktop in each room running Windows 10 for the OS
The office is based on wireless networking with TCP/IP.
There are two doctors in this office.
This office has an Internet connection to the mother company.
The network boundary for this assignment is just this physician’s office.
In your network description please provide the following:
Describe the purpose of this network.
Describe the network and equipment, the servers and the software in place.
Describe the security you have in place.
Identify the Matching Control in the SP 800-53 – Control Family and Control Number
What would be the appropriate mitigations?
3. There are default admin accounts with elevated privileges