Patton-Fuller Request for Proposal
Essay by gcox31750 • June 18, 2015 • Term Paper • 4,214 Words (17 Pages) • 1,347 Views
Patton-Fuller Request for Proposal
CMGT/554
December 8, 2014
Table of Contents
Patton-Fuller Request for Proposal 4
Network Design Considerations 4
Encryption 5
Security Recommendations 5
Network Architecture Diagram 6
Data Storage 7
Current Systems 7
Accessibility Requirements 8
Legal Requirements 8
Security Requirements 9
Storage Recommendations 10
Recommended Systems 10
Business and Medical Systems 10
Effect of New Systems 11
Network Equipment Upgrades 12
Viable Network Access Options 12
Effect of Mobile Devices 13
Role of Networking and Mobile Devices 14
Return on Investment Possibilities 14
Probable Effects of Social Networking 15
Effects of Mobile Computing 15
Delivery of Services 16
Information Delivery Trends 16
Conclusion 17
Patton-Fuller Request for Proposal
The chief executive officer (CEO) has requested a project plan for upgrading Patton-Fuller Community Hospital’s (PFCH) systems over the next three years (Apollo Group, 2014). The goal of the project is to improve the hospital’s operational capabilities and security through the use of modern information technology (IT), such as mobile devices, enhanced encryption, and monitoring systems. An assessment of PFCH’s current networking and computing systems will provide an understanding of operational requirements and a framework for identifying potential areas for improvement. The following project plan includes a detailed description of the PFCH’s operational, functional, and security requirements as well as recommendations for enhancing IT infrastructure. The project plan includes a comprehensive analysis of existing systems, potential upgrades, functional and operational requirements, and return on investment (ROI) possibilities.
Network Design Considerations
Information security is vital to all organizations using any form of digital communications. The IT department at PFCH has identified the requirements for implementing the new security control policy for data protection as well as an updated network configuration. The new policy and network design must include security measures to ensure the confidentiality, integrity, and availability of information systems with cost-effective solutions, and reliable performance. The Security Officer has determined that all data stored on file servers and workstations must authenticate through an active directory, which utilizes public key infrastructure (PKI). PKI is a form of single-factor authentication that can be significantly weaker than other encryption methods. Additionally, the new configuration must address concerns related to performance, security, and reliability with security systems, isolated sub-networks with wireless access, and redundant connections. The following material addresses the cost-effectiveness of various encryption methods, the recommended method, and a proposed design for the network.
Encryption
The basic function of encryption is altering readable text, referred to as plaintext, into a secret format known as ciphertext (DataShield, 2013). All external communications that include personal identifiable information (PII) will use Asymmetric encryption, which uses a private key and a public key to perform encryption and decryption. PKI as it relates to bandwidth will be slower than if symmetric, or private key, encryption is used (Forward, 2002). Minimal latency in the bandwidth will occur when using public key infrastructure and an asymmetric method, but it will provide better data protection compared to a symmetric method. PKI is the most cost-effective option and has less effect on internal and external communications. In-house solutions to facilitate the IT security department’s management of security keys in combination with PKI use is estimated at 1,350,500 dollars over a three-year period (TrustCenter, 2008). According to TrustCenter (2008), the average per user/per year cost for PKI implementations over a three-year period is 90 dollars. Implementation of data encryption must be supported by other information security measures and controls, such as physical protection, authentication systems, audits and monitoring and tracking systems. Utilization of the proposed policy will provide a cost-effective, manageable, and reliable method for reducing the risk of unauthorized access to personal or business information stored on the network (Scarfone, Souppaya, & Sexton, 2007).
Security Recommendations
Data on the network should be encrypted at either layer two or three of the Open Systems Interconnection (OSI) model. Encrypting data at layer two or three is preferred for time-sensitive requests and heavily used connections. Layer two encryption provides a method for utilizing the multipoint and multicast capabilities of the transport and the encryption at layer two. Layer three is elastic in terms of device selection allowing multifaceted environments to be mapped at layer three. The multifaceted environments allow more secure locations with gateways, stationary and mobile clients; however, layer three cannot achieve the same speeds as layer two. Advanced Encryption Standard (AES) is the recommended method of encryption; Triple Data Encryption Standard (3DES) requires up to three times as much processing power and relies on shorter keys that are more vulnerable to attacks involving cryptanalysis software. AES provides more reliable security, improved software and hardware performance, viability in limited space settings, and superior resistance to side channel attacks targeting cryptographic hardware, crypto analysis, and application attacks (Brazil, 2014).
Network Architecture Diagram
...
...