Learning Outcomes to be assessed
1) Analyse and evaluate different approaches to the implementation and management of security and threats within an organisation.
2) Perform risk, threat and vulnerability analysis, undertake security counter-measures and the application of the various standards related to information security.
Produce a 2400 words report.
General Information
You are required to use your own created figures and tables (correctly labelled) within your report.
Assessment Task
“Launch of “Smart Care” – A Smart Healthcare System”
Smart Care is a start-up established in the South Wales Valleys to offer Smart Health Care digital services across Europe. You have recently joined the company as an employee-partner and asked to do a security and threat analysis and submit a report with recommendations regarding secure launch and operation of Smart Care.
The features of Smart Care are following:
• Telemedicine operations
• Smart hospitals
• Augmented Reality/ Virtual Reality patient appointments
• Remote Patient monitoring devices
• Drone-assisted medicine delivery to smart homes
Figure 1: Smart Care at the centre of Digital Health Care Services ecosystem
Figure 1 shows the operating landscape of Smart Care. The main Smart Care participants include patients, healthcare service providers, pharmaceutical companies, regulatory bodies and Government entities.
Once you have moved from the Boardroom to the Breakroom, you have scribbled down the following requirements that you aim to complete as a set of activities as part of the more complex process:
Question 1: Identify data assets, their owners, their sensitivity level and specify data handling controls:
a) Identify data assets
b) Identify data asset owner for all identified 15 data assets
c) Evaluate data asset classification levels (i.e., sensitivity as high, moderate, and low) for CIA Triad.
d) Identify adequate data handling controls for operations, namely, access control encryption and monitoring for high, moderate, and low sensitive data.
Question 2:
As a result of a joint-venture with a US organisation, Smart Care is expected to grow as a medium-sized organisation (50 to 249 employees).
You are required to write few sections of an Information Security Management Policy document.
(marks 40%; approximately 1150 words)
a) Asset Management
b) Physical Security Controls
c) Disaster Recovery Plan for Business Continuity
Question 3: Solve the following problems:
A. James Anderson works in a team that supports smart water company customers who are struggling to keep up with the payments. He’s just received a call from an uncle of one of the customers, who is asking for details about a customer’s difficulties so that he can help the customer. What do you think James should do in this situation?
B. Catherine runs a large smart transport company. She’s recently advertised for new staff. She’s been inundated with applications and doesn’t have a long time to review them all. She is travelling with a colleague to a conference tomorrow, so she’s planning to take a laptop on the aeroplane, along
with the paper CVs she’s received.
That way, they can both sort through everything on the journey. How would you advise her to take appropriate actions to protect personal data of applicants? Provide technical advice.
C. Meet Mr Khan.
He’s got an appointment to visit his doctor, but unfortunately, it doesn’t turn out quite how he expected. As Mr Khan arrives at the surgery, he’s surprised to find personal details about his appointment on display in the waiting room, for all to see. Then when he eventually talks to
the doctor, it turns out she’s referring to the wrong patient file. It’s all very annoying. The doctor is unable to find his file anywhere. List the data mismanagement issues and identify possible solutions to avoid this type of situation in the future.
D. Know your enemy: identify misclassified threats from the following figure and suggest corrective measure.
Figure Source: Information Security Essentials – Understanding the Threats (USW)
E. Discuss one example related to Social Engineering Threats in each of the following categories in the smart emergency services scenario: identify a relevant security control and mention its ISO 27001 Standard category: (technical; physical; legal and administrative):
a. Authority
b. Liking
c. Reciprocation
d. Social Validation
Last Completed Projects
| topic title | academic level | Writer | delivered |
|---|
