You must find an organization that has implemented information systems security with emphasis on one or more security services and mechanisms. These services and mechanisms may include Access Control, Authentication, Intrusion Detection, Firewalls, Perimeter Protection, VPN security, Antivirus Infrastructure, Intranet Security, PKI, Real-time Protection, Unix/Windows Security, and Security Auditing. There are many more services and mechanisms that might be available for analysis. The focus of this assignment is Information Systems Security. Writing about gates, guards, fences, lighting , CCTV, and building access is not appropriate for this assignment.
Your case analysis must focus on strengths and weaknesses of the security of information infrastructure with respect to the services and mechanisms you have identified for analysis. You do not need to analyze all services and mechanisms. Select those that you might consider critical to the system being examined. For example, access control is very critical in on-line Consumer Banking system, while encryption is considered very critical in Business-to-Business Electronic Commerce. The case does not need to identify the corporation or employer. This is done for those who would like to look at a problem within their own organization without the problems associated with publishing employer information. The case should focus on a specific security issues and technologies. Recommendations for improvement are a required part of the analysis.
E-commerce organizations that have experienced a data breach in the past will have adequate information published to formulate a case. Interviews are not required for this case. If a Department of Defense organization is used in Case Study, ensure that all sources are from the public domain.
Analyze the cases you have selected by providing the background and existing infrastructure for information systems security and make reasonable recommendations for improvement. There is always a room for improvement. Approximate length of each case should be between 3 to 5 pages, double-spaced, and well-documented. You must make specific recommendations.
Your grades in case study will be determined by your analytical skills, ability to identify real-life security problems, professional competence, and the feasibility of recommended solution(s) for real-life implementation. Your cases are unique and therefore, your report will not be compared with other student report.
The developments experienced in technology have facilitated enhancement in how organizations operate in different industries. Information technology (IT) has become a critical part of the organizational life due to its capabilities in gathering, storing, analyzing, communicating, and facilitating data driven-decision making. Effective use of IT gives an organization a competitive edge by fostering other ventures that create competitive advantage. Additionally, information systems are often at risk as data becomes a valuable commodity (van Deursen, Buchanan, & Duff, 2013). The health sector has experienced changes emerging from the use of electronic health records to manage and share patient information across different departments. In the recent past, there has been an increased focus on the health sector by malicious actors, both online and offline. Since 2016, there has been an increased risk of attack by Ransomware, which has become a threat to information system security in various organizations. One of the devastating attacks took place in the New Jersey Spine Centre, where a Ransomware attack led to the denial of service by locking up the hospital’s Electronic Health Records (HIPAA Journal, 2016). Additionally, it locked up the data backup systems and crippled the telephone system within the hospital. The consequences of the attack paralyzed the hospital activities, and the hospital was compelled to comply with the demands of the attackers.
The attack was designed in a way that the Ransomware encrypted data in the electronic health records, making it unavailable to the legitimate users, as well as compromising communication through the phone system. Despite the hospital information systems having an antivirus to prevent such malware, the prevention mechanisms were not effective enough to prevent the attack from being successful. Nevertheless, it was not detected early enough, showing that the antivirus was not effective or it was not up-to-date. Subsequently, this raises the question of what caused the vulnerability in the system if it was secure, to the extent that the back files were affected. The forensic reports showed that the Ransomware was spread to the system through Cryptowall, which entails the spread of spam emails that contain the malware (HIPAA Journal, 2016). In this context, the information system was not compromised due to its physical features. Also, the hospital computers and servers are secure since no information was physically stolen. The issue was in the use of information system network that connected all the computers in the hospital. The hospital had a strategic information system security strategy to prevent the loss of data that includes having a back-up for data in case the main files were lost and using an antivirus to counter malware attacks on the network. The information security was supplemented by ensuring that information was only accessible to legitimate users. It was achieved through restricted access to particular offices that were kept under lock-and-key and the use of a security force that ensured only hospital employees would access such rooms…