Database security assessment | Computer Science homework help

Database Security Assessment Transcript You are a contracting officer’s technical representative, a Security System Engineer, at a military hospital. Your department’s leaders are adopting a new medical health care database management system. And they’ve tasked you to create a request for proposal for which different vendors will compete to build and provide to the hospital. A Request For Proposal, or RFP, is when an organization sends out a request for estimates on performing a function, delivering a technology, or providing a service or augmenting staff. RFPs are tailored to each endeavor but have common components and are important in the world of IT contracting and for procurement and acquisitions. To complete the RFP, you must determine the technical and security specifications for the system. You’ll write the requirements for the overall system and also provide evaluation standards that will be used in rating the vendor’s performance. Your learning will help you determine your system’s requirements. As you discover methods of attack, you’ll write prevention and remediation requirements for the vendor to perform. You must identify the different vulnerabilities the database should be hardened against.

Modern healthcare systems incorporate databases for effective and efficient management of patient healthcare. Databases are vulnerable to cyberattacks and must be designed and built with security controls from the beginning of the life cycle. Although hardening the database early in the life cycle is better, security is often incorporated after deployment, forcing hospital and healthcare IT professionals to play catch-up. Database security requirements should be defined at the requirements stage of acquisition and procurement. 

System security engineers and other acquisition personnel can effectively assist vendors in building better healthcare database systems by specifying security requirements up front within the request for proposal (RFP).  In this project, you will be developing an RFP for a new medical healthcare database management system.

Parts of your deliverables will be developed through your learning lab. You will submit the following deliverables for this project:

Deliverables

• An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.

• An MS-Excel spreadsheet with lab results.

There are 11 steps in this project. You will begin with the workplace scenario and continue with Step 1: “Provide an Overview for Vendors.”

Step 1: Provide an Overview for Vendors

As the contracting officer’s technical representative (COTR), you are the liaison between your hospital and potential vendors. It is your duty to provide vendors with an overview of your organization. To do so, identify information about your hospital. Conduct independent research on hospital database management. Think about the hospital’s different organizational needs. What departments or individuals will use the Security Concerns Common to All RDBMS, and for what purposes?

Provide an overview including the types of data that may be stored in the system and the importance of keeping these data secure. Include this information in the RFP. 

After the overview is complete, move to the next step to provide context for the vendors with an overview of needs.

Step 2: Provide Context for the Work 

Now that you have provided vendors with an overview of your hospital’s needs, you will provide the vendors with a context for the work needed.

Since you are familiar with the application and implementation, give guidance to the vendors by explaining the attributes of the database and by describing the environment in which it will operate.

It is important to understand the vulnerability of a relational database management system (RDBMS). Read the following resources about RDBMSs.

• error handling and information leakage

• insecure handling

• cross-site scripting (XSS/CSRF) flaws

• SQL injections

• memory leakage

• insecure configuration management

• authentication (with a focus on broken authentication)

• access control (with a focus on broken access control)

Describe the security concepts and concerns for databases.

Identify at least three security assurance and security functional requirements for the database that contain information for medical personnel and emergency responders.

Include this information in the RFP.

In the next step, you will provide security standards for the vendors.

Step 3: Provide Vendor Security Standards

In the previous step, you added context for the needed work. Now, provide a set of internationally recognized standards that competing vendors will incorporate into the database. These standards will also serve as a checklist to measure security performance and security processes. 

Read the following resources to prepare:

• Database Models

• Common Criteria (CC) for information technology security evaluation

• evaluated assurance levels (EALs)

• continuity of service

Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks. 

Include these security standards in the RFP.

In the next step, you will describe defense models for the RFP.

Step 4: Describe Defense Models

Now that you have established security standards for the RFP, you will define the use of defense models. This information is important since the networking environment will have numerous users with different levels of access. 

Provide requirements in the RFP for the vendor to state its overall strategy for defensive principles. Explain the importance of understanding these principles. To further your understanding, click the link and read about defensive principles.

Read these resources on enclave computing environment: 

• enclave/computing environment

• cyber operations in DoD policy and plans

Explain how enclave computing relates to defensive principles. The network domains should be at different security levels, have different levels of access, and different read and write permissions.  

Define enclave computing boundary defense.

Include enclave firewalls to separate databases and networks. 

Define the different environments you expect the databases to be working in and the security policies applicable. 

Provide this information in the RFP. 

In the next step, you will consider database defenses.

Step 6: Provide a Requirement Statement for System Structure

In the previous step, you identified defense requirements for the vendor. In this step of the RFP, you will focus on the structure of the system.

Provide requirement statements for a web interface to:

a. Allow patients and other healthcare providers to view, modify, and update the database. 

b. Allow integrated access across multiple systems.

c. Prevent data exfiltration through external media.

State these requirements in the context of the medical database. Include this information in the RFP. 

In the next step, you will outline operating system security components.

Step 7: Provide Operating System Security Components

In the previous step, you composed requirement statements regarding the system setup. In this step, you will provide the operating system security components that will support the database and the security protection mechanisms. 

Read these resources on operating system security. Then:

a. Provide requirements for segmentation by operating system rings to ensure processes do not affect each other.

b. Provide one example of a process that could violate the segmentation mechanism. Ensure your requirement statements prevent such a violation from occurring.

Specify requirement statements that include a trusted platform module (TPM), in which a cryptographic key is supplied at the chip level. In those specifications:

a. Describe the expected security gain from incorporating TPM.

b. Provide requirement statements that adhere to the trusted computing base (TCB) standard.

c. Provide examples of components to consider in the TCB.

d. Provide requirements of how to ensure protection of these components, such as authentication procedures and malware protection.

Read the following resources to familiarize yourself with these concepts:

• trusted computing

• trusted computing base

Include this information in the RFP. 

In the following step, you will write requirements for levels of security.

Step 8: Write Requirements for Multiple Independent Levels of Security

The previous step required you to identify operating system security components to support the database. For this step, you will focus on identification, authentication, and access. Access to the data is accomplished using security concepts and security models that ensure confidentiality and integrity of the data. Refer to access control and authentication to refresh your knowledge.

The healthcare database should be able to incorporate multiple independent levels of security (MILS) because the organization plans to expand the number of users.

Write requirement statements for MILS for your database in the RFP. 

a. Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula Model, and the Chinese Wall Model. 

b. Indicate any limitations for the application of these models. 

Read the following resources and note which cybersecurity models are most beneficial to your database:

• multiple independent levels of security (MILS)

• cybersecurity models

• insecure handling

Include requirement statements for addressing insecure handling of data.

Include this information in your RFP. 

In the next step, you will consider access control.

Step 9: Include Access Control Concepts, Capabilities

In the previous step, you wrote requirements for multiple levels of security, including the topics of identification, authentication, and access. In this step, you will focus on access control. The vendor will need to demonstrate capabilities to enforce identification, authentication, access, and authorization to the database management systems. 

Include requirement statements in the RFP that the vendor must identify, the types of access control capabilities, and how they execute access control.

Provide requirement statements for the vendor regarding access control concepts, authentication, and direct object access. 

Include the requirement statements in the RFP.

In the next step, you will incorporate additional security requirements and request vendors to provide a test plan.

Step 10: Include Test Plan Requirements

In the previous step, you defined access control requirements. Here, you will define test plan requirements for vendors.

Incorporate a short paragraph requiring the vendor to propose a test plan after reviewing these guidelines for a test and remediation results (TPRR) report.

Provide requirements for the vendor to supply an approximate timeline for the delivery of technology. 

Step 11: Compile the RFP Document

In this final step, you will compile the RFP for a secure healthcare database management system. Review the document to make sure nothing is missed before submission. Submit the following deliverables to your assignment folder.

Deliverables:

• An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.

Essay Help
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.