Project 5: Instructions
Modern health care systems incorporate databases for
effective and efficient management of patient health care. Databases are
vulnerable to cyberattacks and must be designed and built with security
controls from the beginning of the life cycle.
Although hardening the database early in the life cycle is
better, security is often incorporated after deployment, forcing hospital and
health care IT professionals to play catch-up. Database security requirements
should be defined at the requirements stage of acquisition and procurement.
System security engineers and other acquisition personnel
can effectively assist vendors in building better health care database systems
by specifying security requirements up front within the request for proposal
(RFP). In this project, you will be developing an RFP for a new medical health
care database management system.
Parts of your deliverables will be developed through your
learning lab. You will submit the following deliverables for this project:
An RFP, about
10 to 12 pages, in the form of a double-spaced Word document with
citations in APA format. The page count does not include figures,
diagrams, tables, or citations. There is no penalty for using additional
pages. Include a minimum of six references. Include a reference list with
Step 1: Provide an Overview for Vendors
As the contracting officer’s technical representative
(COTR), you are the liaison between your hospital and potential vendors. It is
your duty to provide vendors with an overview of your organization. To do so,
identify information about your hospital. Conduct independent research on
hospital database management. Think about the hospital’s different
organizational needs. What departments or individuals will use the Security Concerns Common to All RDBMSs, and for what
Provide an overview with the types of data that may be
stored in the system and the importance of keeping these data secure. Include
this information in the RFP.
After the overview is complete, move to the next step to
provide context for the vendors with an overview of needs.
Step 2: Provide Context for the Work
Now that you have provided vendors with an overview of your
hospital’s needs, you will provide the vendors with a context for the work
Since you are familiar with the application and
implementation, give guidance to the vendors by explaining the attributes of
the database and by describing the environment in which it will operate.
Details are important in order for the vendors to provide optimal services.
It is important to understand the vulnerability of a relational
database management system (RDBMS). Read the following resources about RDBMSs.
error handling and information leakage
cross-site scripting (XSS/CSRF) flaws
insecure configuration management
authentication (with a focus on broken
access control (with a focus on broken access
Describe the security concepts and concerns for databases.
Identify at least three security assurance and security
functional requirements for the database that contain information for medical
personnel and emergency responders.
Include this information in the RFP.
In the next step, you will provide security standards for
Step 3: Provide Vendor Security Standards
In the previous step, you added context for the needed work.
Now, provide a set of internationally recognized standards that competing
vendors will incorporate into the database. These standards will also serve as
a checklist to measure security performance and security processes.
Read the following resources to prepare:
Common Criteria (CC) for information technology security
evaluated assurance levels (EALs)
continuity of service
Address the concepts and issues with respect to disasters
and disaster recovery, mission continuity, threats, and cyberattacks.
Include these security standards in the RFP.
Step 4: Describe Defense Models
Now that you have established security standards for the
RFP, you will define the use of defense models. This information is important
since the networking environment will have numerous users with different levels
Provide requirements in the RFP for the vendor to state its
overall strategy for defensive principles. Explain the importance of
understanding these principles. To further your understanding, click the link
and read about defensive principles.
Read these resources on enclave computing environment:
cyber operations in DoD policy and plans
Explain how enclave computing relates to defensive
principles. The network domains should be at different security levels, have
different levels of access, and different read and write permissions.
Define enclave computing boundary defense.
Include enclave firewalls to separate databases and
Define the different environments you expect the databases
to be working in and the security policies applicable.
Provide this information in the RFP.
In the next step, you will consider database defenses.
Step 6: Provide a Requirement Statement for System
In the previous step, you identified defense requirements
for the vendor. In this step of the RFP, you will focus on the structure of the
Provide requirement statements for a web interface to:
patients and other health care providers to view, modify, and update the
integrated access across multiple systems.
data exfiltration through external media.
State these requirements in the context of the medical
database. Include this information in the RFP.
In the next step, you will outline operating system security
Step 7: Provide Operating System Security Components
In the previous step, you composed requirement statements
regarding the system setup. In this step, you will provide the operating system
security components that will support the database and the security protection
Read these resources on operating system security. Then:
requirements for segmentation by operating system rings to ensure
processes do not affect each other.
one example of a process that could violate the segmentation mechanism.
Ensure your requirement statements prevent such a violation from
Specify requirement statements that include a trusted
platform module (TPM), in which a cryptographic key is supplied at the chip
level. In those specifications:
the expected security gain from incorporating TPM.
requirement statements that adhere to the trusted computing base (TCB)
examples of components to consider in the TCB.
requirements of how to ensure protection of these components, such as
authentication procedures and malware protection.
Read the following resources to familiarize yourself with
trusted computing base
Include this information in the RFP.
In the following step, you will write requirements for
levels of security.
Step 8: Write Requirements for Multiple Independent
Levels of Security
The previous step required you to identify operating system
security components to support the database. For this step, you will focus on
identification, authentication, and access. Access to the data is accomplished
using security concepts and security models that ensure confidentiality and
integrity of the data. Refer to access control and authentication to refresh your knowledge.
The health care database should be able to incorporate
multiple independent levels of security (MILS) because the organization plans
to expand the number of users.
Write requirement statements for MILS for your database in
the definitions and stipulations for cybersecurity models, including the
Biba Integrity Model, Bell-LaPadula Model, and the Chinese Wall Model.
any limitations for the application of these models.
Read the following resources and note which cybersecurity
models are most beneficial to your database:
multiple independent levels of security (MILS)
Include requirement statements for addressing insecure
handling of data.
Include this information in your RFP.
In the next step, you will consider access control.
Step 9: Include Access Control Concepts, Capabilities
In the previous step, you wrote requirements for multiple
levels of security, including the topics of identification, authentication, and
access. In this step, you will focus on access control. The vendor will need to
demonstrate capabilities to enforce identification, authentication, access, and
authorization to the database management systems.
Include requirement statements in the RFP that the vendor
must identify, the types of access control capabilities, and how they execute
Provide requirement statements for the vendor
regarding access control concepts, authentication, and direct object access.
Include the requirement statements in the RFP.
In the next step, you will incorporate additional security
requirements and request vendors to provide a test plan.
Step 10: Include Test Plan Requirements
In the previous step, you defined access control
requirements. Here, you will define test plan requirements for vendors.
Incorporate a short paragraph requiring the vendor to
propose a test plan after reviewing these guidelines for a test and remediation results (TPRR) report.
Provide requirements for the vendor to supply an approximate
timeline for the delivery of technology.