Information Systems and Identity Management.
Select a hospital or healthcare organization to research. You may choose an organization you are familiar with or can readily obtain information about. I will provide a link with a list of organizations to choose from. Describe the organization and structure including the different business units and their functions. You may use an organizational chart to provide this information. Choose one or more mission-critical systems of the healthcare organization. Define the information protection needs for the organization’s mission-critical protected health information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organizational information needs. Define the workflows and processes for the high-level information systems that you have just identified that will store PHI. Workflows and processes for healthcare organizations define how the organization gets its work done. They describe the movement of patient information to the business units that have needs to process and manage that information, from billing to physician care. All these organizations have hardware and software implementations of their information systems, and it is critical to understand these components, and how they are connected (known as their topology), so the appropriate protections can be applied.
Your research may produce instances and examples of how an information system is connected, to include cybersecurity components like firewalls, in the information system and network diagram. Be sure you understand the benefits and weaknesses for the different network topologies. You may incorporate what you find in your research, in your definition for workflows and processes for the high-level information systems and provide explanation of how that topology fulfills the mission for the health care organization. Your definition should include a high-level description of information systems hardware and software components and their interactions. Now that you have defined the hospital’s information system infrastructure, you will have to understand what are the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access. This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control. Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Next, expand upon your description. Define the types of access control management to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multi-factor authentication. The technical report: Provide recommendations for access control and authentication mechanisms to increase the security within the identity management system. Review the mission and organization structure of this healthcare organization. Review the roles within the organization, and recommend the accesses, restrictions, and conditions for each role. Present these in a tabular format as part of your list of recommendations. Provide a comparison of risk scenarios to include the following: What will happen if the CIO and the leadership do nothing, and decide to accept the risks? Are there possible ways the CIO can transfer the risks? Are there possible ways to mitigate the risks? Are there possible ways to eliminate the risks?