Organizational Profile and Access Management Case

Analysis of Threats to the Organization IT system

case study: BENEFIT RECOVERY SPECIALISTS: 274,837 PATIENTS

A hacker obtained the credentials of a Benefit Recovery Specialists’ employee to gain access to the insurer’s systems and deploy malware, breaching the data of 274,837 patients from several providers and payers that use BRSI for billing and collections services.

On April 30, BRSI discovered a malware incident on some of its servers and took those systems offline to remove the malicious software. An investigation confirmed a hacker accessed the systems using stolen employee credentials, which allowed the threat actor to either access or acquire some customer files for 10 days between April 20 and April 30. 

The compromised data included personal information from both current and former members of certain providers or health plans that leverage BRSI and could included dates of birth, provider names, diagnosis codes, policy identification numbers, dates of service and or procedure codes.

Social Security numbers may have been affected for a small subset of patients. 

Problem 1- Planning project

Part 1
Your book talks about the “Scope Triangle” or the Iron Triangle. 
Question 1: Your book addresses six areas that are part of the iron triangle – 

  1. Describe each of the areas included in the iron triangle
  2. Of the six which areas do you feel are the most important and why? 

Question 2: You are managing a project and your sponsor has given the following constraints:

  1. The project must be completed in 2 months
  2. The project must include 7 core pieces of scope
  3. The project must stay within 1 million dollars

What concerns do you have with the three constraints above and how do you proceed?

Part 2

Scope Creep – Discuss ways in which scope creep occurred on projects with which you have been associated.  Was the project manager able to reverse scope creep? Is it possible to reverse scope creep and what is the impact? How do you identify scope creep?

Text

Title: Effective Project Management 

ISBN: 9781119562801 

Authors: Robert K. Wysocki 

Publisher: Wiley 

Publication Date: 2019-05-07 

Edition: 8th Edition

Project 1: Executive Summary

 This week, you will submit the one- to two-page executive summary that you started last week. This summary is for the owner of Don & Associates, where you are employed in this scenario.

Use this Executive Summary Template. In the template, you will see specific instructions. Delete the instruction text before you submit the project.

Your summary should include:

  • the types of cloud computing (private, public, hybrid)
  • three major cloud service providers
  • three cloud computing service models
  • potential benefits and risks of migrating the company’s technical infrastructure to the cloud

Be sure to cite any sources you use.

How Will My Work Be Evaluated?

For this assignment, you are asked to provide your supervisor with a summary of cloud computing and the potential benefits and risks of migrating to the cloud. By summarizing your findings in a brief executive summary, you are showing how you use your technical knowledge to convey your ideas to others in a professional setting. Your ability to express your findings using the right mix of technical detail in a business context is an important workplace skill.

The following evaluation criteria aligned to the competencies will be used to grade your assignment:

  • 1.1.1: Articulate the main idea and purpose of a communication.
  • 1.1.2: Support the main idea and purpose of a communication.
  • 1.1.3: Present ideas in a clear, logical order appropriate to the task.
  • 1.2.1: Identify the target audience, the context, and the goal of the communication.
  • 1.2.2: Employ a format, style, and tone appropriate to the audience, context, and goal.
  • 1.3.1: Identify potential sources of information that can be used to develop and support ideas.
  • 1.4.1: Produce grammatically correct material in standard academic English that supports the communication.
  • 1.4.2: Use vocabulary appropriate for the discipline, genre, and intended audience.
  • 10.1.1: Identify the problem to be solved.
  • 10.1.2: Gather project requirements to meet stakeholder needs.

Wk 3 – Apply: Hacking Threats

Assignment Content

  1. This week, your flooring sales and installation company client wants you to explain the different kinds of attack threats their business faces from hackers.

    Write a 1- to 2-page memo or create a 1- to 2-page table that summarizes attack threats from hackers to any business, noting which are applicable to your client’s business; how the vulnerabilities in a system can be exposed; and countermeasures that can mitigate against threats from attack.

    Describe sniffing attacks, identify a protocol that is vulnerable to sniffing, and suggest appropriate countermeasures.

    Describe session hijacking, provide an example of a specific threat from session hijacking, and recommend appropriate countermeasures for the threat. 

    Describe spoofing, provide an example of a specific threat from spoofing, and recommend appropriate countermeasures for the threat. 

    Describe poisoning attacks, provide an example of a specific threat from a poisoning attack, and recommend appropriate countermeasures for the threat. 

    Describe denial-of-service (DoS) attacks, explain the threat from DoS attacks, and recommended countermeasures that can prevent them.

    Format your references according to APA guidelines.

Assignment Your term project is to

  

Chapter: 1-13

Assignment: Your term project is to create a complete web site. The topic of the web site is of your choosing

Requirements: Must be fully HTML5, CSS3, and accessibility compliant (hint: use the validators)
Must contain between 6-10 pages with at least 2 levels of folders
Must use a consistent 2 column page layout with sections for navigation, body, heading, and footer (created via an external CSS file)
Must have at least 4 graphics, with at least 2 of them being hyperlinks
Must have a vertical navigation bar with links/graphics that change appearance with hover, click, etc
Must contain at least 1 of each of the following:
block quote
unordered list
ordered list
character entity
Must use colors for text, background, or both using both in-line and internal/embedded CSS
Must include a background image for at least a portion of the page layout (typically the heading)
Must configure CSS to have a different appearance for printing (using media types)
Must have at least 1 table with at least 1 numeric column that is right justified
Must have at least 1 embedded video that works with a typical Windows PC with Internet Explorer and Microsoft Media Player. Do not link to another site (such as YouTube), you must include the actual video file itself in your web site submission. Please pick a small video… as this will make uploading your zip file much faster
Must have a form for users to submit name, email, and comments. Use input validation where practical and use the form hosting service from chapter 9
Note: I recommend that you make a checklist of all of these required parts of the assignment, so that you don’t miss one

Expectations: A single zip file with your entire web site

Instructions: Submit your file using the naming convention in the syllabus, for example: “CIS3315 TermProject Grayson.Vernon.zip”

Discussion 250 words

 

Many people believe that the use of biometrics is an invasion of privacy. For example, an eye scanning device records the inner structure of a person’s eye and stores that image in a database. Critics worry that databases of human traits used to maintain corporate security may actually pose a privacy threat to individuals, if such data were used in other ways. In your view, are such concerns justified? Why or why not?

Firewalls

Question A

The sphere of security shows how access controls can be implemented to defend against threats. Firewalls have been a significant control mechanism to control the flow of information. Select and discuss a firewall type from this week’s reading. Include what factors you would include in a brief to your organizational leadership in selecting this firewall for your organization’s network. 

Question B

 

Symmetric and Asymmetric Encryption

Discuss the difference between Symmetric and Asymmetric Encryption to include the process each uses to secure the information between the sender and receiver. Which is more secure?

CTI

 

Assignment Content

  1. Summarize your threat intelligence findings in a concise and informative 8-page report for your organization.

    Complete the following in your summary:

    1. Identify company details: client, organization, stakeholders
    2. Identify test details: tests performed, dates performed, duration, assets analyzed, categorized threat intelligence types
    3. Include an executive summary:
    4. Summarize the impact of the threats on the organization.
    5. Include direct and indirect threats.
    6. Articulate the traffic light protocol:
    7. Recommend a method for disseminating intelligence in the organization.
    8. Indicate threat risk levels.
    9. Describe the security team: skill sets and size of the team needed to run the threat intelligence program.
    10. Explain the analysis methodology: methods used to collect, extract, process, analyze, and evaluate data.
    11. Describe the threat details: technical information on identified threats.
    12. Identify IoC: specifies indicators.
    13. Summarize recommended actions based on risk analysis.
    14. Cite any references to support your assignment.

      Format your assignment according to APA guidelines.

      Submit your assignment.

       

Mobile app -1

 Mobile Devices and Apps for Health Care Professionals: Uses and Benefits
Give some reasoning behind your views. What would be the impact of this approach to the Health care facilities like Hospitals and general public.

Source https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4029126/