Team Assignment
Written by: Kevin Alton, Nadia Iqbal, and Alex Polevoy
July 2015
Table of Contents
Introduction
Section I: iTrust Threats & Vulnerabilities and Countermeasures
Section II: Recommended Changes to Security Management Policies
Section III: Adaption of Requirements to Reduce Security Risk
Conclusion
References
Introduction
Access control for the Emergency Responder role lacks the capability to restrict individuals from accessing patient data while they are not functioning in the capacity of an Emergency Responder. Furthermore, unauthenticated database access creates the possibility of exposing sensitive data by means of simple queries.
The lack of a viable access and authentication control mechanism can be remedied with a secure identity access solution such as Microsoft’s Forefront Identity Manager (FIM). FIM is capable of providing preventative role-based access control, rule-based analytics of access, automated provisioning and deprovisioning of user accounts, and access recertification and attestation. FIM is also able to enforce user logon time restrictions along with defined session timeouts for user inactivity on portable or remote access connections. With FIM in place, iTrust can improve security, tighten access control, and audit compliance while adhering to the HIPAA security access control specifications.
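The controls described above (role check, logon time restriction, inactivity timeout) can be combined into a single deny-by-default access decision. The following Python is an added example, not code from the paper, iTrust, or FIM; the `Session` fields, the 15-minute timeout, and the role string are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Hypothetical policy value; the paper gives no concrete timeout.
IDLE_TIMEOUT = timedelta(minutes=15)

@dataclass
class Session:
    user: str
    role: str               # hypothetical role identifier
    shift_start: time       # permitted logon window for this account
    shift_end: time
    last_activity: datetime

def on_shift(s: Session, now: datetime) -> bool:
    """True when 'now' is inside the logon window, including
    windows that cross midnight (e.g. 22:00-06:00)."""
    t = now.time()
    if s.shift_start <= s.shift_end:
        return s.shift_start <= t < s.shift_end
    return t >= s.shift_start or t < s.shift_end

def authorize_patient_read(s: Session, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason). The reason is what an audit log
    entry would record for the decision."""
    if s.role != "EmergencyResponder":
        return False, "role not permitted"
    if now - s.last_activity > IDLE_TIMEOUT:
        return False, "session idle timeout"
    if not on_shift(s, now):
        # Holding the role is not enough: the user must be acting in it.
        return False, "outside duty window"
    return True, "ok"

# Constructed sample session: a night-shift responder.
NIGHT_ER = Session("er01", "EmergencyResponder",
                   time(22, 0), time(6, 0),
                   datetime(2015, 7, 1, 23, 50))

if __name__ == "__main__":
    for now in (datetime(2015, 7, 2, 0, 0), datetime(2015, 7, 2, 0, 10)):
        print(now, authorize_patient_read(NIGHT_ER, now))
```
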
SQL Injection Attack
HIPAA requirements stipulate that covered entities must have procedures for safeguarding data. The new iTrust requirements will require a large amount of complex custom and modified code to implement. These code changes introduce vulnerabilities in the front-end application website and back-end database.