Risk Assessment Report of Hospital

2713 words (11 pages) Essay

8th Feb 2020 Health Reference this

Disclaimer: This work has been submitted by a university student. This is not an example of the work produced by our Essay Writing Service. You can view samples of our professional work here.

Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of UKEssays.com.

Executive Summary

This brief discusses takes an inside look of Bluebird hospitals infrastructure with a Risk Assessment Report (RAR). Information is provided to leadership on the potential threats our network could fall prey to if action is not taken. A system characterization was given to give in sight on Bluebird’s information system as a whole. A breakdown of the hardware, software, system interfaces, users, and databases used to protect the system. There were 4 observations that was discovered when conducting the assessment. Each observation will be reviewed through description, existing mitigating controls, vulnerability, and recommendation. The report measures vulnerabilities using a risk level matrix. Each vulnerability is measured on a scale of low to high risk level.

 

Purpose

 The purpose of this Risk Assessment Report (RAR) is to inform Bluebird Hospital’s board of directors about the security assessment that was performed on the organization network system. The organization network system was scanned by using Wireshark-network protocol analyzer and Nmap-security scanner tools. These tools exposed several vulnerabilities in our system. The vulnerabilities identified by these tools could make our information system infrastructure target to multiple cyber-attacks if not fixed.

Scope

The scope of this risk assessment assessed the use of controls to eliminate vulnerabilities that were exploited by potential threats internally and externally. If exploited, these vulnerabilities could result in unauthorized disclosure of data, denial of service, significant financial loss, and web defacement.

Threats

Cyber security experts around the world has predicted that due to the lack of security control measures that many organizations have security breaches will be at an all-time high (Dobran, 2018). Due to the continued advancement of technology cyber-attacks will grow if Bluebird’s information network is not updated.  Threats to our system are expected if Bluebird’s IT management does not educate themselves on potential cyber-attacks. Spoofing/ cache poisoning exploits vulnerabilities in the system by distracting internet domain name system by diverting internet traffic to a fake server system (Hoffman, 2016). Packet Analysis/Sniffing is a tool that is used by cyber criminals to spy on the network of potential suspects and collect their passwords (O’Donnel, 2018). A DDoS attack is when the network system is compromised and users are not able to get access to the system. The distributed denial of service is used by attackers as blackmail (Florentino, 2018). Insider threats can range from to a disgruntled employee or an employee not being properly trained and falling victim to email phishing attacks. For example a Bluebird employee’s email was infected with a malware virus known to infect users via phishing emails containing malicious links. Over 1,000 patients PHI was compromised in the breach.

System Characterization

In assessing an information technology system, the first step is to characterize your system. Bluebird hospital is composed of several components to make it a whole. Policy and procedures are put in place as guideline rules for all personnel and patients at Bluebird Hospital. In Figure 1 gives a system characterization of Bluebird’s system.

Component

Description

Hardware

PC computer, printer, scanners, wireless internet hardware, CAT card, keyboard, mouse,

Software

OS Windows, Linux, Microsoft Office, Patient Administration System, TCP/IP,HTTP

System Interfaces

Magnetic card strip readers, fingerprint scanner

Databases

RDBMS (Microsoft SQL Server)

Users

Bluebird Patients, Bluebird Employees, shareholders

Figure 1. System Characterization of Bluebird Hospital

In Figure 2 a flow chart is provided of the scope of the risk assessment efforts that were made during this risk assessment report.

Figure 2. Input and Output flowchart of the scope of the risk level assessment effort

Risk Assessment Approach

The approach Bluebird’s management takes to protect our system is detrimental to our information network. The participants that were involved in the risk assessment were the database administrator, IT department, security administrator, network manager, and system custodian. The techniques that were used to gather the information were operating systems such as MBSA and OpenVAS and network monitoring tools such as wireshark and Nmap. In the risk assessment matrix table in Figure 3 our IT team has compiled information that shows the risk level each vulnerability has on our system.

Severity

Likelihood

0-5= Low risk

6-10= Medium Risk

11-15= High Risk

16-25=Extremely High Risk

Insignificant

1

Minor

2

Moderate

3

Major

4

Catastrophic

5

Almost certain

5

5

10

15

20

25

Likely occur

4

4

8

12

16

20

Possible occur

3

3

6

9

12

15

Remote possibility

2

2

4

6

8

10

Extremely Unlikely

1

1

2

3

4

5

Figure 3. Risk Assessment Matrix of likelihood of Bluebird’s system be susceptible to vulnerabilities (MVROS, 2004)

In Figure 4 there is a description of the risk level matrix scale.

Impact Score

Description

16-25=Extremely High Risk

Have severe impact on organization, can result in total loss of information system, cost effect can be greater than $20 million, total loss of CIA, web defacement

11-15= High Risk

Chance of law issues, damage to organization reputation, cost effect of $10 million or more, network compromise

6-10= Medium Risk

Minimal financial loss, some data exfiltration

0-5= Low risk

The loss of CIA but with a limited effect on the organization. Low cost effect on organization

Figure 4. The risk level scale description (MVROS, 2004)

Risk Assessment Results

As technology continues to advance it is imperative for organizations take the necessary steps to ensure the systems are secure. If there are weaknesses our system to be susceptible to data exfiltration. Our organization could suffer from a major financial impact and cause trust issues for customers in the future. After scanning Bluebird’s network several observations were identified using the multiple vulnerability tools such as wireshark, Nmap, OpenVAS, identity management and MBSA. Evaluating the vulnerabilities to get a better understanding of their level of impact is important for upper management to understand. In Figure 5 the risk assessment results of observation that were identified from running scans on our network are identified and rated according the risk level matrix displayed in Figure 3:

Observation no.

Observation description

Vulnerability

Likelihood

Impact

Risk-level matrix

Recommended controls

Existing security controls

1

Multiple user accounts on one computer

No authentication verification method

5

6

6

Having multi factor authentication to access the computer

None. Allows users to have multiple log ins

2

Users have non expiring passwords

Password effectiveness

8

8

8

Have system alert employees every 30 days to update password

Users change passwords every 30 days

3

Firewall connections are off

Weak firewall connection

21

21

21

Make sure Windows are not blocking firewall connections

Vulnerability scanning

4

Port 3306 is exploited by Nemog and W32.Spybot.

Weak firewalls

25

25

25

Have the proper firewalls in place to block trojan attacks

Basic malware protection

Figure 5. Risk Assessment results identified through vulnerability tools (MVROS, 2004)

Summary

There were 4 observations that were identified in this risk assessment report. Observation 1 was multiple user accounts on one computer. This was given a level 6 on the risk level matrix because this is one of the ways our system could be exposed to insider threats. The recommendation for this observation would be to have individualized common access cards that only allows one user on a computer at a time. Observation 2 user having non expiring passwords. This observation was given an 8 on the risk level matrix because hackers could easily guess the users password and infiltrate the system. The recommendation would be for employees to change their passwords every 30 days. The information system will have automatic updates that will require user to update their passwords before moving forward. Observation 3 was fire wall connections were turned off. This was given a 21 on the risk level matrix because firewalls are one of Bluebird’s first line of defense against cyber-attacks. It is recommended that all firewalls connections be turned on at all times and constant updates of the firewall system so the system is constantly protected. Observation 4 is port 3306 is method exploited by nemog and W32.Spybot. This was given a 25 on the risk level matrix because nemog is a backdoor trojan horse virus. Our system could be fully comprised and all access could be lost. It was recommended that an update of malware protection be installed to prevent and remove any viruses.

Conclusion

In conclusion, technology will continue to be updated and therefore threats to any organization network infrastructure needs to be in the fore front of leadership concerns. Using the information provided in this risk assessment report should provide leadership on the areas of concern in our network. Understanding the cost consequence and damage that could possibly be done to the information infrastructure is detrimental. Improving on multi factor authentication and outsourcing a cyber-security company is heavily advised.

 

 

References

Executive Summary

This brief discusses takes an inside look of Bluebird hospitals infrastructure with a Risk Assessment Report (RAR). Information is provided to leadership on the potential threats our network could fall prey to if action is not taken. A system characterization was given to give in sight on Bluebird’s information system as a whole. A breakdown of the hardware, software, system interfaces, users, and databases used to protect the system. There were 4 observations that was discovered when conducting the assessment. Each observation will be reviewed through description, existing mitigating controls, vulnerability, and recommendation. The report measures vulnerabilities using a risk level matrix. Each vulnerability is measured on a scale of low to high risk level.

 

Purpose

 The purpose of this Risk Assessment Report (RAR) is to inform Bluebird Hospital’s board of directors about the security assessment that was performed on the organization network system. The organization network system was scanned by using Wireshark-network protocol analyzer and Nmap-security scanner tools. These tools exposed several vulnerabilities in our system. The vulnerabilities identified by these tools could make our information system infrastructure target to multiple cyber-attacks if not fixed.

Scope

The scope of this risk assessment assessed the use of controls to eliminate vulnerabilities that were exploited by potential threats internally and externally. If exploited, these vulnerabilities could result in unauthorized disclosure of data, denial of service, significant financial loss, and web defacement.

Threats

Cyber security experts around the world has predicted that due to the lack of security control measures that many organizations have security breaches will be at an all-time high (Dobran, 2018). Due to the continued advancement of technology cyber-attacks will grow if Bluebird’s information network is not updated.  Threats to our system are expected if Bluebird’s IT management does not educate themselves on potential cyber-attacks. Spoofing/ cache poisoning exploits vulnerabilities in the system by distracting internet domain name system by diverting internet traffic to a fake server system (Hoffman, 2016). Packet Analysis/Sniffing is a tool that is used by cyber criminals to spy on the network of potential suspects and collect their passwords (O’Donnel, 2018). A DDoS attack is when the network system is compromised and users are not able to get access to the system. The distributed denial of service is used by attackers as blackmail (Florentino, 2018). Insider threats can range from to a disgruntled employee or an employee not being properly trained and falling victim to email phishing attacks. For example a Bluebird employee’s email was infected with a malware virus known to infect users via phishing emails containing malicious links. Over 1,000 patients PHI was compromised in the breach.

System Characterization

In assessing an information technology system, the first step is to characterize your system. Bluebird hospital is composed of several components to make it a whole. Policy and procedures are put in place as guideline rules for all personnel and patients at Bluebird Hospital. In Figure 1 gives a system characterization of Bluebird’s system.

Component

Description

Hardware

PC computer, printer, scanners, wireless internet hardware, CAT card, keyboard, mouse,

Software

OS Windows, Linux, Microsoft Office, Patient Administration System, TCP/IP,HTTP

System Interfaces

Magnetic card strip readers, fingerprint scanner

Databases

RDBMS (Microsoft SQL Server)

Users

Bluebird Patients, Bluebird Employees, shareholders

Figure 1. System Characterization of Bluebird Hospital

In Figure 2 a flow chart is provided of the scope of the risk assessment efforts that were made during this risk assessment report.

Figure 2. Input and Output flowchart of the scope of the risk level assessment effort

Risk Assessment Approach

The approach Bluebird’s management takes to protect our system is detrimental to our information network. The participants that were involved in the risk assessment were the database administrator, IT department, security administrator, network manager, and system custodian. The techniques that were used to gather the information were operating systems such as MBSA and OpenVAS and network monitoring tools such as wireshark and Nmap. In the risk assessment matrix table in Figure 3 our IT team has compiled information that shows the risk level each vulnerability has on our system.

Severity

Likelihood

0-5= Low risk

6-10= Medium Risk

11-15= High Risk

16-25=Extremely High Risk

Insignificant

1

Minor

2

Moderate

3

Major

4

Catastrophic

5

Almost certain

5

5

10

15

20

25

Likely occur

4

4

8

12

16

20

Possible occur

3

3

6

9

12

15

Remote possibility

2

2

4

6

8

10

Extremely Unlikely

1

1

2

3

4

5

Figure 3. Risk Assessment Matrix of likelihood of Bluebird’s system be susceptible to vulnerabilities (MVROS, 2004)

In Figure 4 there is a description of the risk level matrix scale.

Impact Score

Description

16-25=Extremely High Risk

Have severe impact on organization, can result in total loss of information system, cost effect can be greater than $20 million, total loss of CIA, web defacement

11-15= High Risk

Chance of law issues, damage to organization reputation, cost effect of $10 million or more, network compromise

6-10= Medium Risk

Minimal financial loss, some data exfiltration

0-5= Low risk

The loss of CIA but with a limited effect on the organization. Low cost effect on organization

Figure 4. The risk level scale description (MVROS, 2004)

Risk Assessment Results

As technology continues to advance it is imperative for organizations take the necessary steps to ensure the systems are secure. If there are weaknesses our system to be susceptible to data exfiltration. Our organization could suffer from a major financial impact and cause trust issues for customers in the future. After scanning Bluebird’s network several observations were identified using the multiple vulnerability tools such as wireshark, Nmap, OpenVAS, identity management and MBSA. Evaluating the vulnerabilities to get a better understanding of their level of impact is important for upper management to understand. In Figure 5 the risk assessment results of observation that were identified from running scans on our network are identified and rated according the risk level matrix displayed in Figure 3:

Observation no.

Observation description

Vulnerability

Likelihood

Impact

Risk-level matrix

Recommended controls

Existing security controls

1

Multiple user accounts on one computer

No authentication verification method

5

6

6

Having multi factor authentication to access the computer

None. Allows users to have multiple log ins

2

Users have non expiring passwords

Password effectiveness

8

8

8

Have system alert employees every 30 days to update password

Users change passwords every 30 days

3

Firewall connections are off

Weak firewall connection

21

21

21

Make sure Windows are not blocking firewall connections

Vulnerability scanning

4

Port 3306 is exploited by Nemog and W32.Spybot.

Weak firewalls

25

25

25

Have the proper firewalls in place to block trojan attacks

Basic malware protection

Figure 5. Risk Assessment results identified through vulnerability tools (MVROS, 2004)

Summary

There were 4 observations that were identified in this risk assessment report. Observation 1 was multiple user accounts on one computer. This was given a level 6 on the risk level matrix because this is one of the ways our system could be exposed to insider threats. The recommendation for this observation would be to have individualized common access cards that only allows one user on a computer at a time. Observation 2 user having non expiring passwords. This observation was given an 8 on the risk level matrix because hackers could easily guess the users password and infiltrate the system. The recommendation would be for employees to change their passwords every 30 days. The information system will have automatic updates that will require user to update their passwords before moving forward. Observation 3 was fire wall connections were turned off. This was given a 21 on the risk level matrix because firewalls are one of Bluebird’s first line of defense against cyber-attacks. It is recommended that all firewalls connections be turned on at all times and constant updates of the firewall system so the system is constantly protected. Observation 4 is port 3306 is method exploited by nemog and W32.Spybot. This was given a 25 on the risk level matrix because nemog is a backdoor trojan horse virus. Our system could be fully comprised and all access could be lost. It was recommended that an update of malware protection be installed to prevent and remove any viruses.

Conclusion

In conclusion, technology will continue to be updated and therefore threats to any organization network infrastructure needs to be in the fore front of leadership concerns. Using the information provided in this risk assessment report should provide leadership on the areas of concern in our network. Understanding the cost consequence and damage that could possibly be done to the information infrastructure is detrimental. Improving on multi factor authentication and outsourcing a cyber-security company is heavily advised.

 

 

References

Cite This Work

To export a reference to this article please select a referencing stye below:

Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.
Reference Copied to Clipboard.

Related Services

View all

DMCA / Removal Request

If you are the original writer of this essay and no longer wish to have your work published on the UKDiss.com website then please: