Organizational Profile and Access Management Case.
I don’t understand this Writing question and need help to study.
You are a systems administrator in the IT department of a major metropolitan hospital. Your duties are to ensure the confidentiality, availability, and integrity of patient records, as well as the other files and databases used throughout the hospital. Your work affects several departments, including Human Resources, Finance, Billing, Accounting, and Scheduling. You also apply security controls on passwords for user accounts.
Just before clocking out for the day, you notice something strange in the hospital’s computer system. Some person, or group, has accessed user accounts and conducted unauthorized activities. Recently, the hospital experienced intrusion into one of its patients’ billing accounts. After validating user profiles in Active Directory and matching them with user credentials, you suspect several users’ passwords have been compromised to gain access to the hospital’s computer network.
You schedule an emergency meeting with the director of IT and the hospital board. In light of this security breach, they ask you to examine the security posture of the hospital’s information systems infrastructure and implement defense techniques. This must be done quickly, your director says. The hospital board is less knowledgeable about information system security. The board makes it clear that it has a limited cybersecurity budget. However, if you can make a strong case to the board, it is likely that they will increase your budget and implement your recommended tool companywide.
You will share your findings on the hospital’s security posture. Your findings will be brought to the director of IT in a technical report. You will also provide a nontechnical assessment of the overall identity management system of the hospital and define practices to restrict and permit access to information. You will share this assessment with the hospital board in the form of a narrated slide show presentation.
You know that identity management will increase the security of the overall information system’s infrastructure for the hospital. You also know that, with a good identity management system, the security and productivity benefits will outweigh costs incurred. This is the argument you must make to those stakeholders.
Create an Organizational Profile for Your Case
Now, it is time to research your chosen case to determine how the organization’s IT department operates, how it is structured, and how PHI is moved around the organization for stakeholders’ use. Revisit guidelines on conducting research, if needed. Next, review the materials in the links below to define and describe the hospital’s information system infrastructure.
It is important to understand the organization’s workflow processes—how they move patient information to the business units that need to process and manage that information, from billing to physician care. All these organizations employ hardware and software within their information systems. It is critical to understand these components, termed a “typology,” and how the components are connected so that appropriate security is put in place to protect sensitive information.
Your research should provide examples of how an information system is connected to cybersecurity components, like firewalls in the information system and network. Be sure you understand the benefits and weaknesses of your case’s network topology.
Your definition of the organization’s typology should include a high-level description of information systems hardware and software components and their interactions. Take time to read the following resources. They will help you construct your definition.
The table below provides a focus for your search strategies. You should consult scholarly resources as well as online resources, newspapers, websites, and IT blogs for similar contemporary cases.
Topics to Address in the Organizational Profile
- Describe the organization and structure. The structure will include the different business units and their functions. You may use an organizational chart to provide this information.
- Define information security needs to protect mission-critical systems. Choose one or more mission-critical systems of the health care organization. Define the information protection needs for the organization’s mission-critical protected health information (PHI). This information is stored in database medical records for doctors, nurses, and insurance claims billing systems, which are used to fulfill the organization’s information needs.
- Define the workflows and processes for the high-level information systems that you have just identified. Workflows and processes for health care organizations define how the organization gets its work done.
- Describe how the typology fulfills the needs of the health care organization. You may supply this information as a diagram with inputs, outputs, and technologies to define workflows and processes for the high-level information systems.