Case Study:
Metro healthcare provides healthcare services across Australia, with Melbourne and Sydney as its headquarters. Metro deploys a complex networked information system that seamlessly integrates the hospital Internet and Intranet. The solution division is responsible for managing the information system (patient health records, administrative records, personnel records, etc.) and the infrastructure at the headquarters. Metro employs about 500 personnel, including permanent employees and contractors (doctors, nurses, technologists, administrators, IT staff, etc.). The personnel system maintains employee details such as name, date of birth, marital status, academic qualifications, professional qualifications, previous employment details, pay, etc. The patient system is maintained primarily to provide patient care. It contains sufficient information to identify a given patient, support the diagnosis, justify the treatment, document the course and results of treatments, and facilitate the continuity of each patient’s care. It is also used for financial and other administrative processes, outcome measurement, research, education, patient self-management, disease prevention, and public health activities. Metro uses state-of-the-art security solutions such as antivirus products, firewalls with built-in intrusion detection and prevention features, a host-based intrusion detection system (IDS) installed on critical servers, authentication devices such as biometric smart cards, and encryption algorithms for protecting sensitive records. Also, workstations left inactive for more than 2 minutes lock automatically, and users must sign in again to reactivate them.
Set Tasks:
- List and explain two different possible and credible ways that the patient data could leak out. [4 marks]
- Given the mission statement of Metro shown below, explain how information security management helps Metro to realize its mission. [4 marks]
“Metro’s mission is to provide high quality health care services to mental illness patients in a least restrictive and non-stigmatizing environment.”
- Describe why having firewalls with built-in intrusion detection and prevention without a formal incident response plan has little value to Metro healthcare. [2 marks]
General Requirements:
- You must follow the guidelines given in the unit guide for submitting your assignment. Your submission must be in a form readable by Microsoft Word or in PDF/Acrobat format. Do not zip the file when you upload it to CloudDeakin.
- Each question should be answered individually with the corresponding label (e.g. Task 1).
- Assignments submitted late without the documented approval of the Unit Chair will be penalized.
- Assignments submitted after the submission date will be subject to a mark penalty of 10% per day of the marks available for the piece of work, up to and including three days after the published due date. Assignments submitted more than three days after the published submission date will not be marked.
- Marks will be allocated to construction of, and support for, your analysis and evaluation as well as presentation, readability and referencing. Any answer deemed to be outside the scope of information security management will be given a zero mark.