SOLUTION: Harvard University Hospital Highly Sensitive Systems Discussion

The Madison Hospital Network Security and Threat Table
In many cases, when a reference is made to a network of a company, the common
gravitation of thinking rightfully points to either Local Area Network (LAN) or Wide Area
Network (WAN) depending on the size of the organization. Madison Hospital is a small
healthcare facility that averagely handles 150 patients per day. The IT infrastructure of the
hospital comprises a LAN that provides services to slightly over 100 end-user devices with a
data warehouse mainly dominated by patient data, facility financial information, research, and
related medical protocol information and many others (Mell & Grance, 2011). Given the
foregoing, the hospital has no choice but to implement necessary measures that will enable it to
secure its network properly. Such a position is informed by many cases of cyber-related crimes
that have left cooperate with organizations with many losses. Before detailing the issues, the
paper seeks to address, it would be accurate to take the paper audience the hospital system
architecture, the network system security and vulnerability to threats as well as an overview of
the hospital LAN and its important security needs.
The Hospital IT System Architecture
High level of technical skills is usually required in managing systems especially when it
comes to understanding computer architecture, designing algorithm, networking, and design
methodologies. System network architecture explains the methodologies and practices that make
it possible to provide a solution to a broad range of issues in the design of the system including
the security-related problems as well as the manageability, performance, and service quality. The
organization’s system model presents a conceptual model organized into layers for easy
understandability. The network system from a logical presentation is a three-tier architecture that
comprises the application layer where end-user devices are found, the middle layer that
comprises various network servers and finally the third layer that consists databases or the data
Network Security and Vulnerability Threats
Network security and vulnerability threats remain to be one of the biggest headaches for
many organizations. Security of organizational network encompasses software and hardware
components with designs to protect organization data together with the information that
continuously processes in the network (Anantha et al., 2018). Similarly, the same components
issue preventative mechanisms that play a bigger role in protecting the network infrastructure in
its entirety. Equally, data modification, unauthorized access, corruption, and improper disclosure.
Ultimately, the security of the network is usually designed to create a safe environment where
system users can perform all important matters that concern them in the network environment.
Common Network Vulnerabilities
Security threats continue to grow in sophistication. The effectiveness of these threats in a
greater extent depends on vulnerability levels of the network. Vulnerabilities are weaknesses that
can be identified in the network that can permit acts of aggression to paralyze the network. If left
not attended unto, these network security vulnerabilities can expose the network to a host of
problems such as computer viruses, assaults from hackers and other forms of network
aggressions. Below is a table that can help in identifying the IT system assets of the system
architecture of the organization.
IT System Assets
Threats and Vulnerabilities
Security Measures to
Address Threats and
Hardware components
Natural disaster, human error,
theft, and fire
Replace outdated hardware,
documentation, hardware
firewalls, device protection
from physical harm, hardware
security modules such as the
cryptographic keys and many
Software component such as
Windows OS, Adobe, Quick
books, the Microsoft office
and many more.
Hacking, viruses, worms,
bluesnarfing, malicious
software and weak passwords
Organization password
policies, scanning systems for
vulnerabilities, frequent
updates, run antivirus
programs, precautionary
practices such as avoiding
opening of spam emails and
many more.
Data (Critical organization
information, trade secrets,
client information, intellectual
property, financial
information, employee
information and many more)
Data modification,
unauthorized access to
information, phishing,
malware, human error,
ransom-ware and many more
Strong and safe backups,
strong password policies to
prevent cases of unauthorized
access, data encryption,
authentication, and
authorization mechanisms.
Examples include PC,
printers, servers, monitors,
Network Security Vulnerability and threat table
Backdoor hosting
Trust Exploitation attack
Exposed management
Protocol Weakness
Password, authentication, and login
High rout processor CPU
utilization, close to 100%
Major network transitions
and rout flaps
Design Error
Trust Exploitation Attack
Exposed users credentials
Software vulnerability
Protocol exploits routing
Loss of routings, keep alive
and updates
Multiple types of
Integrity attacks and confidentiality
Indiscriminate drops of
From the table above, it is quite evident that the organization’s computing environment
has its own security challenges that grow on a daily basis. These challenges attack from three
fronts, the hardware, software, and data which encompasses organizational information.
Computing in the organization starts with consideration of a simple computing platform which
comprises the hardware, the operating system, and installed applications (Mell & Grance, 2011).
The hardware is the mechanism through which the OS and other applications are installed and
run. The OS, on the other hand, enables for the communication between installed applications
and the hardware operated by the end user. With the cloud infrastructure present currently, the
cloud computing category, the software as a service dubbed SaaS, provides both the hardware
and software hence supplanting the internal information system. For instance, an organization
considering a third-party company to run on its behalf a software it developed and customized to
its own needs. In such environments, the company gives up its hardware components for the sake
of a third party provided a web-based alternative. The costs resulting from such a service is
treated by the organization as utility bill which comes down to telecommunications and storage
LAN Security
Computing devices connected together with the aim of resource sharing forms an
interconnection of network devices called Local Area Network. Traditionally, computer
networks were mainly organized into two main network categories: Local Area Network (LAN)
whose connectivity is limited to either a building or an office and the Wide Area Network
(WAN) which is an expanded LAN. WAN covers a larger geographical area and incorporates
leased circuits of telecommunication. However, organizational IT demands have continued to
increase forcing the players to think of innovative solutions. The traditional LAN and WAN
network types which were hardware and software dependent exhibited a lot of limitations when
organizations started responding to new levels of technological demands.
LANs encounter a mountain of cyber-related threats like unauthorized access, function
disruption, spoofing, data disclosure, and many others. This makes it necessary to have measures
in place that can ensure integrity, confidentiality as well as constant availability of shared data.
Cloud computing model has enabled the organizations to embrace these new levels of
technological demands as well as getting the surety of data security and privacy related to
identity requirements. The model enables for ubiquitous, on-demand network access to a
configurable shared pool of computing resources such as networks, applications, servers, and
services (Ali, Khan, & Vasilakos, 2015). The major characteristics that the cloud model exhibits
resource pooling, broad network access, on-demand self-service, considerable rapid elasticity,
measured service, and service models such as software as a service (SaaS), platform as a Service
(PaaS), and infrastructure as a service (IaaS).
Deployment models and Cloud architecture
The deployment models of cloud computing are majorly grouped into the private cloud,
community cloud, hybrid cloud, and public clouds. The cloud architecture issues a description of
five major actors and the roles and responsibilities. The actors include the cloud consumer, cloud
auditor, provider, broker, and carrier. Each of the actors is an organization or a person that
participates or performs tasks in cloud computing (Shen, Lindenbergh & Wang, 2017). For
instance, a cloud consumer is an organization or an individual that receives and utilizes products
and services of the cloud. The cloud broker, on the other hand, acts as an intermediary between
the provider and the consumer and guides the consumers through complexities of the offering of
the cloud services. Similarly, cloud auditor issues valuable and underlying function for the
government by running performances independent and secure monitoring of cloud-rendered
services Mell, & Grance (2011). The carrier is the organization bearing responsibilities of data
transfer, somewhat similar to the electric grid power distributor. Below is an organizational
cloud-based network architecture diagram.
Common Access Cards Deployment Strategy
Common Access Cards (CAC) are means of system user authentication. The technology
involves the use of a smart card with an electronic chip integrated with it. The card’s integrated
chip stores all manner of sensitive data. The real data on stored on the chips is also possible to be
encrypted on the cards themselves thereby reducing the danger of losing information with a
damaged chip. The hospital can engage the CAC services as a way of managing the security of
key company information while at the same improving the flexibility of such information.
Maybe it would make more sense to divulge some of the business and cyber advantages that
adoption of the CAC would extend to the hospital (Anantha et al., 2018). First, it saves the IT
department from the hustle of always overseeing a process akin to physical identification before
access of whatsoever kind is granted to key or critical. Currently, the hospital IT officers
maintain one pool of information referred to as the database. All data and related information are
stored in the company database thereby forcing every staff member to provide their authentic
credentials every time at the workstations to access the shared resources. Armed with the CACs,
the burden of network security will no longer be the sole duty of the IT security team but will be
shared equally among the staff with the cards as well as the hospital IT team.
Also, it should be noted that the introduction of cards will promote flexibility of staff as
the majority will be able to work at one point then move to another point within the hospital
without incurring extra costs. Under current technology order, the employees other than the
nurses and the physician discharge their duty at their everyday workstations. These employees
depend on their end-user devices such as PCs, printers, scanners, and many others to interact
with the system. Swiping access gadgets will accompany the cards together with computer
extension components that will accommodate swiping, touching, and pressing. The cards will be
synchronized with the company database, the hospital’s enterprise resource processing system
and the hospital’s decision support system. Data encryption of the cards will make them super
secure tool. This is because whenever the cards fall on wrong hands; or rather get lost and later
be found by non-users, not even a single piece of hospital data set can be retrieved and
mishandled (Souppaya & Scarfone-National Institute of Standards and Technology, US
Department of Commerce-2012). Encryption uses a particular code to the crypt and decrypts a
set of information. The recipient from the other end utilizes the same code to decrypt the
information to get to get the message.
The card technology has one drawback. In most cases, there are keys that are used for any
card to bypass the system security protocols. The owner knows the password, but there is also
one other person who stores the passwords. There is someone who is responsible for all bypass
keys, and this is the only person who can change the keys. It is similar to the Bank Credit card
pins. In most cases, if one loses the number, the number of protocols that will have to be gone
through to reach the password custodian, given that most card providers have millions of users,
is tedious and more expensive than attaining another card. This case leads to banks using new
cards. These cards, however, are system protections, because they assist the users to get into the
banking system and view their details or carry other authenticated activities such as depositing
money, printing mini-statements, withdraw fund, request and receive overdrafts alongside other
activities. The mentioned drawback, however, has been averted with modern technologies Key
cryptography is the main mechanism that is used to confiscate system. There are cards that have
the certificate revocation lists. Automatically, the user gets another mail immediately the
certificate is revoked. This is a smartcard security protection since no one has a burden of
keeping certificates. In fact, the information technology servers do not design password, neither
does the user. However, the user gets the new security code through their preferred
communication model. An example is through a short message service, or through email. In
cases of need to get into the system, the administrator cannot manipulate the system to get the
code, but rather, can access personal details through taking an administrator login, and in most
cases, the user’s card is frozen at the time of any investigation
Encryption technologies
Since the pace at which advancement in technology is similar to that of threats that new
technologies encounter. Players in the technology field have tried hard to remain ahead of the
people with malicious thinking every wake of the day. It has reached a level where the clean
guys wait for the bad guys to apply their new inventions while advancing attacks to networks,
systems or data warehouses then pick up the lessons on how to improve on the loopholes the bad
guys exercised. However, organization networks and systems including data and generally the
associated information have been under the intense target and still continue to be unless the
course of malice among the bad guys changes in the near future. Threats to organization
information technology infrastructure are perpetrated by both outsiders and insiders. Such
realities have even forced various IT security management teams to apply rules believed to be a
little bit discriminative in terms of access levels and overall system manipulation by the
employees themselves. Encryption technologies are just a few of the many mechanisms being
put in place to help reduce attacks on company websites, systems, and data warehouses.
Encryption technologies have helped organizations to achieve confidentiality in the
management of information assets. Of course, there are known methods of conducting data
encryption. In the organizational setup, the procedure for encryption must be documented so that
it becomes organizational and not individual-based. Critical organizational data, like in the case
of Madison Hospital, would be patient health record, financial information, strategic plan, and
many others would be encrypted so that only most trusted staff, probably those in the
management, would have the decrypting key. Encryption so far is the most trusted method of
ensuring information confidentiality. There are mainly two methods of implementing encryption;
symmetric encryption and asymmetric encryption. With symmetric encryption, the organization
chooses to stick with same passcode key which encrypts at the senders’ end and also decrypts at
the recipient’s end. The passcode can then be shared among employees trusted to handle
organization encryption matters. On the other hand, the asymmetric encryption involves a
mathematical algorithm that utilizes both primary key and a private one. Now inside the
organization, one uses their primary key to send a set of information which is decrypted from the
receiver’s end using the sender’s private key.
Email Security
Phishing, spear-phishing and ransomware attacks are the main models of attack that
cyber attackers use. The model is very applicable in email attacking. In strategizing email
security, it is important to understand how scams work. The first step is mining information and
any details about system users .They use the details to search social networks such as LinkedIn.
In the process, they can get valuable information such as contacts or email addresses. In addition,
the cyber scammers are able to collect data about a given system user from resumes, mostly
uploaded to insecure sights where employers can reach them. The hackers use details in emails
or use emails to send phishing and spear phishing codes to the user. Most target groups just click
the links, and data is permitted to get through to the cyber attacker.
To date, email has remained to be the primary method of corporate communication. For
that reason, a lot of efforts should be channeled towards securing email environment (Anantha et
al., 2018). Majority of reported hacking cases in organizations have always either began from
either the email environment or used email to advance the malicious acts. In the Madison
Hospital, email is the remains to be the leading medium of communication among the staff
themselves and also between nurses, physicians, and patients. Looking at the security status of
email communication in the hospital, an impression of a high level of carelessness clearly comes
out. The staff mainly leaves their email accounts logged on, majority of passwords used are weak
ones and as commented by one of the staff seems to have lasted for a very long time (Ali, Khan
& Vasilakos, 2015). In the last three months alone, eleven staff members have had complaints
with suspected spam messages sent to their inboxes. Four of them who opened the links said that
their PCs restarted immediately. Two of the four whose computers restarted later own found out
that their recent inbox messages got deleted permanently.
Encryption has always been one of the best ways to ensure email security. Of course, the
encryption effort must be complemented with other practices such as having strong passwords in
place, always login in from safe browsers and login out immediately one is done with whatever
took them online. Email users can also adopt ways of handling spam messages to reduce their
potential effect impact. An email user can choose to delete a spam message without opening it or
simply letting it disappear on its own (Anantha et al., 2018). The safest way, however, is having
the mail server protected by a firewall at the network gateway. This would help detect malicious
codes targeting emails and block them before they gain access to the organization’s network.
Encryption, standard practices of using email and having a firewall installed at the mail server
ordinarily helps in ensuring secure emails. …
Purchase answer to see full

Order a unique copy of this paper
(550 words)

Approximate price: $22

Our Basic features
  • Free title page and bibliography
  • Plagiarism-free guarantee
  • Unlimited revisions
  • Money-back guarantee
  • 24/7 support
Our Options
  • Writer’s samples
  • Expert Proofreading
  • Overnight delivery
  • Part-by-part delivery
  • Copies of used sources
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

AcademicWritingCompany guarantees

Our customer is the center of what we do and thus we offer 100% original essays..
By ordering our essays, you are guaranteed the best quality through our qualified experts.All your information and everything that you do on our website is kept completely confidential.

Money-back guarantee always strives to give you the best of its services. As a custom essay writing service, we are 100% sure of our services. That is why we ensure that our guarantee of money-back stands, always

Read more

Zero-plagiarism tolerance guarantee

The paper that you order at is 100% original. We ensure that regardless of the position you are, be it with urgent deadlines or hard essays, we give you a paper that is free of plagiarism. We even check our orders with the most advanced anti-plagiarism software in the industry.

Read more

Free-revision guarantee

The thrives on excellence and thus we help ensure the Customer’s total satisfaction with the completed Order.To do so, we provide a Free Revision policy as a courtesy service. To receive free revision the Academic writing Company requires that the you provide the request within Fifteen (14) days since the completion date and within a period of thirty (30) days for dissertations and research papers.

Read more

Privacy and Security policy

With, your privacy is the most important aspect. First, the academic writing company will never resell your personal information, which include credit cards, to any third party. Not even your lecturer on institution will know that you bought an essay from our academic writing company.

Read more

Adherence to requirements guarantee

The academic writing company writers know that following essay instructions is the most important part of academic writing. The expert writers will, therefore, work extra hard to ensure that they cooperate with all the requirements without fail. We also count on you to help us provide a better academic paper.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2020 at 10:52 AM
Total price:
The price is based on these factors:
Customer Academic level
Number of pages required
Urgency of paper