Wednesday, April 3, 2019
Rapid growth of technology
EXECUTIVE SUMMARY

In the current season, the rapid growth of technology, communication and especially the large volume of information have led many companies and institutions to use IT systems for the management and the safety of information.

The main objective of this project is to implement a complete security measures assessment of the private hospital Elpis. Firms that effectively allocate their resources to better understand the risks they face can more easily avoid unexpected situations and release resources in other directions and profitable activities (i.e. new investments) that otherwise would potentially have been rejected as very dangerous. Therefore, the adoption of procedures that focus on Risk Analysis and Management can substantially help firms to prevent or control risky situations. Once firms have identified an efficient way to measure the relationship between their risks and rewards, they could significantly improve their current trading operations or find new profitable activities.

This project analyses the risks related to the security of the hospital Elpis. Specifically, it focuses on the hospital organization and the sources of operational risks, and provides a detailed description of technologies that can ensure the monitoring and control of these risks. The hospital is located in Athens and has two other subsidiaries called Mitera in Chalkida. We know that private hospitals hold important medical information concerning their patients. The central IT section is established in Athens and deals with various issues such as patient registration data, patient diagnoses, treatment of medical information, other data saving, and so forth. On the other hand, the IT department in Mitera hospital is obsolete, with limited capacity to send and receive large volumes of data.
Therefore, this project aims to investigate all the required procedures that can ensure the integrity and confidentiality of medical information transmission between the hospitals and the continuous operation of the IT services.

Elpis hospital is constituted by five departments: the Administrative Department, the Human Resources Department, the Finance Department, the Secretariat-motion of Patient Department and the IT Department, while Mitera hospital is organized into two departments, the Secretariat-motion of Patient Department and the IT Department. We analyse the IT department of Elpis hospital, which employs the head of the IT department, a network administrator, a medical software administrator, a database administrator and an information security administrator. Our analysis reveals some rules and practices that can ensure information safety in the private hospital. Also, we have recognized significant sources of risk that come from the external environment and from individuals who work in the hospital. The results of this report can be used in the improvement of medical information safety and the minimization of the possible risks.

Next, we present the potential technical solutions that the hospital can adopt at a total financial cost of EURO 5000. They include the Intrusion Detection System (IDS), Antivirus, Spyware, Adware and firewall, implementation of RAID 5, automatic fire detection mechanisms, emergency generator UPS, automatic air conditioning control, User policy and Password policy.

DETAILED ANALYSIS

Description of the company's IT infrastructure

In this section, we present the organizational structure of Elpis and Mitera hospitals as well as the software of their network. We continue our analysis using the CRAMM methodology in order to uncover the threats and weaknesses of the IT departments. Finally, we present possible solutions that can face all these risks pertinent to the operation of the IT department.
The private hospital Elpis is located in Athens in a building consisting of 3 floors. On the first floor we find the hospital's administration and a computer room with the IT equipment. On the second floor are the pathological and surgical clinics, the secretariat of the clinics and the medical library. The third floor accommodates the cardiologic clinic, the secretariat of the clinic and the room of telemedicine. All the offices on each floor are connected to the same LAN.

The organizational structure of private hospital Elpis is constituted by five departments:

The Administrative Department has the total administrative responsibility of the hospital. It applies the strategic decisions and rules which are taken through the administrative council. It aims at the appropriate allocation of responsibilities to employees and at providing the best possible working environment. It has the responsibility for complaints and the implementation of regulation.

The Human Resources Department arranges any matter relating to the official situation of the hospital staff, as well as the monitoring, organizing and control of the personnel of all services of the hospital.

The Finance Department cares for the study of the economic needs of the hospital and its contribution to preparing the budget of the hospital, making the expenditure, the liquidation of personnel acceptances and remaining compensations, procurement, management and storage of supplies and materials needed to operate the hospital, the preparation of balance-sheet and assessment, the responsibility for the safeguarding of hospital property and the observation of economic statistical elements.

The Secretariat-motion of Patient Department arranges any matter relating to the organization of secretarial support in accordance with the decisions of management and other services at the hospital. It arranges the issuing of tickets for admission of the sick, and compliance with the waiting order for admission.
Also, it keeps detailed statistics of nursing movement and it grants certificates to patients after the submission of the relevant application.

The IT Department has the responsibility for the organisation and operation of computerisation, the processing and maintenance of computerized statistical data, the provision and distribution of information to the services of the hospital, to the Ministry of Health, Welfare and Social Welfare and to other relevant bodies, and any other relevant work. It is obligated to research new technologies with the aim of saving money and increasing the productivity of the hospital. It provides good support and training to the employees of the hospital for each technology program they use. It is also responsible for the security of IT programs and IT hardware.

The IT infrastructure of hospital Elpis consists of servers which run the medical application or other services and are able to store all data, the network equipment (switches-Ethernet) which is used for connecting the computer room servers and the personal computers of hospital staff, and the firewall, which is configured by the network administrator and monitors data traffic from the hospital to the Internet with specific criteria. Figure 1 presents the topology of the system.

Hardware of Hospital Elpis

Router (1 piece): The Router is a device which connects the workstations on the network of the hospital. The Router connects the local network of the hospital with the internet, using a leased line of 4 Mbps.

Firewall (1 piece): The Firewall is a device or computer software that prevents unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. It is used to prevent unauthorized Internet users from accessing private networks.
The firewall also controls the movement of data for the area for which it is responsible.

Switch (4 pieces): A hardware device used to connect different components in the same network. The switches cut useless Internet traffic and give you an affordable high-performance network. A switch can be used for splitting the physical LAN into two smaller LANs. In the network of the hospital this switch splits the physical LAN into two small LANs. A central switch is connected with three other switches which connect the workstations, while another switch connects the servers.

Database Server (1 piece): A Database Server is a device that is used by one or more machines as their database. By using a database server, users of the hospital have the ability to manage and organize medical data.

Web Server (1 piece): A web server is a computer that allows other computers to access the files it manages, using the HTTP protocol (Hyper Text Transfer Protocol). Please note that the basic web server administrator has the ultimate control of the server, unlike a simple user. The hospital uses Apache Server.

Mail Server (1 piece): A mail agent receives the e-mail from local users (incoming) and offers to deliver it to outbound users. A computer dedicated to running such applications is also called a mail server. The transfer of medical results from the Mitera hospital to the hospital Elpis is made via e-mails.

Backup Server (1 piece): A Backup Server is a way to save your crucial medical files into one single compressed file. The best part of a Backup Server is that it is affordable and you can transfer the compressed file onto another computer or hard drive. In addition, the backup server is able to administer the tape backup machine.

Tape Backup Machine (1 piece): The Backup Machine provides the easiest way to back up your critical folders and files, allowing access to local and network directories.
The disk should be replaced at regular intervals and stored in a protected place.

Workstation PC (50): Each office holds one or more desktop PCs, only for internal services access and development.

Software of Hospital Elpis

Microsoft Exchange Server 2003, Windows XP Professional, Oracle 8

The Mitera hospital has a Secretariat-motion of Patient Department, the Pathological clinic and the IT department. The medical information (patients' data, patient diagnoses, etc.) is exchanged between the hospitals by web-hosting or email. The communication is achieved with an ADSL line of 4 Mbps. The technical characteristics (see figure 2) of Mitera hospital are the same as those of Elpis hospital.

Hardware of Mitera Hospital

Router (1 piece)
Firewall (1 piece)
Switch (4 pieces)
Mail Server (1 piece)
Web Server (1 piece)
Storage Devices (1): used to store the medical data. The storage devices are one of the most important components of the computer system.
Workstation PC (5)

Staff

Members of the team will undertake to conduct the risk analysis in Chalkis hospital. They should be trained in project risk analysis in order to meet their goal. Specifically, the team has the following members:

Director Management: He has the overall responsibility for the project in order to succeed. He is responsible for the proper organization of the team and ultimately responsible for assessing the risk analysis.

Chief: He is responsible for organizing team members. He has the responsibility to estimate the job of each team member.
He is responsible for implementing the risk management program.

Manager of systems and information: responsible for the integrity and availability of systems and information.

Security Department: responsible for security programs and for identifying risks and eliminating them using the risk analysis.

Security Practitioners: responsible for the evaluation of security requirements for each IT system.

Risk Analysis

In the previous section we described the organizational and informational structure of Elpis and Mitera hospitals. Now, we describe the assets, which are classified into three categories: a) software assets, b) hardware assets and c) data assets.

A system can be characterized as reliable and safe when it provides a) confidentiality: access is given only to authorized persons, who have access to important information (medical information, personal patient data), b) availability: the service that the IT facilities provide should be continuous, c) integrity: the system should be ready at any time to provide reliably any information. Also, the information should not be changed by unauthorized persons.

Data assets

The hospital manages important medical information. Thus, access to the internal network should not be free, and the communication between the hospitals should be characterized by safety and reliability.

The data assets of private hospital Elpis are the following:

Patient Records: patient personal data (patient medical history)
Staff Records: staff personal data
Financial Records: financial data concerning both hospitals
Statistics records: statistical data related to the number of surgeries, patient admissions, deaths, etc.

In this project, we perform a risk analysis and management for two data assets, the patient files and the statistical data.

Hardware assets

This category covers the physical assets such as the equipment, facilities and buildings. We focus our analysis on hardware assets.
Specifically, the hardware assets of Elpis hospital are the following:

Application server: It is the most important part of the system. The medical application is installed on the application server, where the medical data processing is implemented. Moreover, other staff and financial applications are installed on the application server.

Database server: It makes it possible for the different software to ask for information and to update and delete data.

Backup server: It provides access to different saved data in the system relevant to medical data, patient personal data, staff data, and other general hospital data.

Mail server: It facilitates the exchange of mails between the Elpis hospital and the hospital in Chalkida.

Also, we perform a risk analysis and management for the most important hardware assets: the application server and the database server.

Software assets

This category contains software that the staff of the hospital uses for data processing. The software assets of private hospital Elpis can be divided into:

Staff Software: applications that manage data of hospital staff. They permit new records, deletion of records and modifications.

Patient folders Software: applications that manage data relevant to the patients (personal data, patient medical history).

Data Statistical analysis Software: applications that process statistical data and help in the creation of annual reports.

COUNTERMEASURES

In the section above, the analysis of the threats and the vulnerabilities for each asset was carried out (figure 3). In this section we analyze the countermeasures which should be taken for each threat. In addition, we propose solutions and techniques relating to the physical and hardware sections as well as the architectures and security policies.
The countermeasures will be proposed in such a way that the hospital works in an error-tolerant manner.

Each employee will have the appropriate privileges in the system, in relation to the work which he performs. The password policy should be changed. Users must renew their password once a month and use strong passwords. For devices that contain important medical information, the password should be changed once a week and the rights of the user accounts should be examined by managers every two weeks. As a point of reference, the user policy should describe the rules that will prevent the user from unauthorized operations (even if accidental), aiming at the confidentiality of data.

The company should implement a backup policy in order to store important medical information (patient file) and data which is associated with the company (any company, personal information). The backups are important because there is a danger of losing important data through the destruction of equipment, external threats or human error (deliberate or accidental). The backup will be made every day, at a time when the workload of the hospital is small. A monthly backup should also be created and stored in a separate location, in case the initial copies have been destroyed by a natural disaster, damage of equipment or human error. The storage of data will be realised with the RAID 5 technique, because the price of disks has been significantly reduced and the cost of implementing RAID 5 is now within most organisations' budgets.

A measure that must be taken is the installation of an emergency generator UPS which will ensure continuous operation of IT equipment even if problems arise at the central UPS. An emergency generator UPS should also be connected with the cooling system of the computer room.

In the computer room there is a simple cooling system which may not ensure the proper operation of IT systems.
The most effective measure is the installation of a complete cooling system which will have automatic air conditioning control, with the aim of minimizing the risk of a sudden increase in temperature.

The confidentiality and the integrity of data are an important part of the hospital. The installation of an IDS device provides control of the network and intrusion detection for events that can come from either inside or outside the hospital, and detects violations of security policies. An IDS has the ability to produce reports on the above events.

In addition, a measure that must be taken is the installation of complete fire protection equipment in all spaces of the hospital (patient rooms, offices, computer room). The fire system will have the ability to detect heat or fire and, more generally, changes in temperature; in case of emergency it will also have the possibility of telephone connection with the local fire station and the police.

The education and training of hospital members in safety, confidentiality and organisation issues should be carried out every 2 months. Thus, hospital members acquire a sense of personal responsibility and skills.

Finally, software applications should be installed which will protect the network of the hospital from malicious programs. The installation of the Antivirus Spyware program will take place on a server, with a view to automatically installing and updating the antivirus programs on each workstation.

CONCLUSION

The main objective of this report was to evaluate safety in private hospital Elpis with the method of risk analysis. The hospital has implemented some measures for the correct and safe operation of hardware and software, but these measures do not cover many of the threats.

The most important areas that the hospital should provide are the confidentiality, integrity and availability of data. These areas should be applied to a greater degree in the user policy and the security policy.
Also, specific technologies should be implemented which ensure the proper functioning of the hospital. Access to sensitive patient information and medical research should be protected specifically from unauthorized persons. Finally, equipment was suggested to help in case of emergency.
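
The password and account-review schedule from the countermeasures section can be checked mechanically against an account inventory. The following Python audit is an added example, not part of the original report: it flags accounts whose password renewal or rights review is overdue. It assumes "once a month" means 30 days and that the two-week rights review applies to accounts on devices holding medical information; the account names and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Intervals from the policy text; "once a month" is read as 30 days (assumption).
USER_PASSWORD_MAX_AGE = timedelta(days=30)
MEDICAL_PASSWORD_MAX_AGE = timedelta(days=7)
RIGHTS_REVIEW_INTERVAL = timedelta(days=14)


@dataclass
class Account:
    name: str
    holds_medical_data: bool          # device stores important medical information
    password_changed: date
    rights_reviewed: Optional[date]   # None = never reviewed by a manager


def audit(accounts, today):
    """Return {account name: [findings]} for accounts that violate the policy."""
    findings = {}
    for acc in accounts:
        issues = []
        limit = MEDICAL_PASSWORD_MAX_AGE if acc.holds_medical_data else USER_PASSWORD_MAX_AGE
        age = today - acc.password_changed
        if age < timedelta(0):
            # A change date in the future means the record cannot be trusted.
            issues.append("password change date is in the future")
        elif age > limit:
            issues.append(f"password overdue by {(age - limit).days} day(s)")
        if acc.holds_medical_data:
            if acc.rights_reviewed is None:
                issues.append("rights never reviewed")
            elif today - acc.rights_reviewed > RIGHTS_REVIEW_INTERVAL:
                overdue = today - acc.rights_reviewed - RIGHTS_REVIEW_INTERVAL
                issues.append(f"rights review overdue by {overdue.days} day(s)")
        if issues:
            findings[acc.name] = issues
    return findings


# Constructed sample inventory (hypothetical names and dates, not from the report).
TODAY = date(2019, 4, 3)
SAMPLE = [
    Account("secretariat-pc-01", False, date(2019, 3, 10), None),
    Account("secretariat-pc-02", False, date(2019, 2, 20), None),
    Account("db-server", True, date(2019, 3, 29), date(2019, 3, 25)),
    Account("app-server", True, date(2019, 3, 20), date(2019, 3, 1)),
    Account("backup-server", True, date(2019, 4, 1), None),
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE, TODAY).items():
        print(f"{name}: " + "; ".join(issues))
```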