Reference no: EM132553532
CI7300 Data Management and Governance - Kingston University London
Coursework Brief
Part A: Cryptography
A small private healthcare organization has contracted you to investigate the requirements of encryption in their information systems and to develop a robust policy for its use. Write a formal report outlining your findings and presenting your recommendations.
Some topics you could address:
1. The range of documents and messages to be encrypted, e.g. Electronic Health Records (EHR), Electronic Patient Records (EPR) and their security requirements.
2. The different objectives of the deployed cryptosystems, i.e. Confidentiality, Integrity, Authentication.
3. The specific cryptographic algorithms and architectures available, along with their relative advantages and drawbacks. Which will be best suited for which purposes?
4. How will the cryptographic protection of static documents (e.g. those stored on a server) differ from that of documents in transit (e.g. transferred within and between sites)?
5. Will there be issues of compatibility between the organization's cryptographic policy, and that of the NHS?
6. How will your solution scale with the possible future development of the organization?
7. How will cryptographic keys (and certificates) be created and managed?
8. How will the different levels of authorization within the organization be managed?
9. How will the effectiveness of your solution be monitored and assessed?
These are only suggestions: your report will likely not cover all of them and you may discover others of equal importance which you might want to address. (Please contact the assessor if you have any concerns.) You may draw upon the material taught in class and/or your own independent research, but make sure you cite all your information sources. Feel free to make any assumptions you feel are necessary, but state and justify these.
Suggested word-count: 2,000
Part B: Data Governance and Identity Theft
Select an identity theft story from the media or from the literature or stories you heard of or experienced. In order to contain the scope of the assignment, it is suggested you focus on two issues for the Health Information Governance.
In this Part you are required to identify and discuss the following:
• The strengths and weaknesses of the approach that was adopted. Describe the symptoms of what went well or badly.
• What the theory and standards suggest you should do. Based on the course materials or other sources, describe what the theory suggests that you should do.
• Say what you would do if you had time again or if faced with the same problem of Health information governance and network security.
Suggested word-count: 1,500
Part C: Network Security
Network infrastructures allowing access to biomedical information, accounting, and admissions can potentially improve patient care and lower medical costs. However, they also introduce security threats due to malware, unauthorized access and human error.
There are many network security tools available to combat these threats but these are only effective if used in accordance with a well-structured security policy, and monitored and assessed in line with established best practices.
In this Part you are required to:
1. Identify and discuss the specific assets relevant to a typical healthcare network.
2. For a subset of critical assets, identify typical threats and assess vulnerabilities.
3. Building upon the above, perform a risk analysis for this typical healthcare network.
4. Design security controls mitigating the risk as identified. Discuss the strengths and weaknesses of these controls and how they complement each other in an effective secure design.
5. On the basis of this, formulate an appropriate basic security policy for an organisation in charge of that network.
Feel free to make any assumptions you feel are necessary, but be sure to state and justify these.
Suggested word-count: 1,000
Report
Each Part will be assessed by a separate report, but these should be combined into a single document for submission. These should include diagrams, tables etc. where appropriate. (Where these are taken from other documents, references should be cited).
Recommended structure (for each individual report)
Introduction
• Background (including technological background).
• The issues which are discussed in your report.
• A brief summary of the report structure.
Main body of report
• Do not call it that - it could be composed of several different sections.
Conclusion and Recommendations
• What lessons were learned from the exercise?
• How are the findings potentially helpful?
References
• All major sources of information should be acknowledged.
• Referencing should be in an appropriate academic style (e.g. Harvard).