Free Paper Example on Network Security Plan for the Health Systems

Introduction

The enterprise-wide network security plan for the health systems describes the specific policies as well as the standards for ensuring the privacy and integrity of the various facets of a network in the organization. Developing the enterprise-wide security policies, standards, as well as procedures, is a challenging task in the health system. However, this plan is focused on the development of security policies as well as standards of the health system basing on the level of information technology. It is focused on consistent, which affects the overall security of the entire organization with the IT security needs to be integrated. With the security breaches becoming common, the healthcare institutions have been impacted. Healthcare continues to be a lucrative target for hackers with ransomware as well as cloud storage mishaps and phishing emails. The threats have continued for several years, with cybercriminals becoming more crafty and creative.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Prime Target

The healthcare industry has been a prime target for information theft as it has lagged in securing critical data as well as medical information. Therefore, it has become imperative for healthcare providers to invest time as well as funding in maintaining and ensuring the protection of healthcare technologies. Proactive security in healthcare is, therefore, essential in predicting the threats the institution might face while acquiring offensive posture for protecting patient data from security breaches. Developing and adhering to a comprehensive plan requires the health care organization to meet the needs of the company as well as the level of risk and culture. As a result, the enterprise-wide network security plan for the health systems work cross-functionally throughout the organization to educate and partner with departments to help the employees understand the impact of the breach as well as the significance of establishing a systematic and robust security posture—the plan focus on the systematic approach to IT security that protects the patient data. The plan entails various steps for effective IT security plan for the healthcare system. The plan entails IT specifications for the150-bed maternity building scheduled to be built at Health Systems, Inc.

Firstly, it entails running risk assessments. An initial risk assessment is conducted to establish the assets, the systems, as well as devices that require protection in the healthcare system. Once these assets have been identified, the risk target level is assigned based on the cybercriminals change that needs to be adapted quickly.

Secondly, a security culture has to be established in the healthcare organization. The security checklist alone is not enough for a reliable security plan for the healthcare organization. It requires establishing an active culture of security to support proper information security for the critical patient data that is always at risk. Every individual in the organization has to subscribe to a shared vision of data security for the best practices.

Thirdly, there is a need to review the IT security policies as well as procedures. This is to ensure that IT security trends are kept up. Reviewing the security policies and standards ensures that they match the current threat level as well as craftiness of the cybercriminals to defend the health care sector form the cyberattacks. The policies have to ensure effective measures for controlling the access to the patient information to minimize the risks to electronic healthcare records.

Besides, educating the health care institution employees about the security best practices is paramount. The healthcare sector has to allocate budget to employee training as well as awareness programs and systems to secure environments. Since hackers look for the weakest link in the security plan, the employees have to be aware to recognize and avoid security threats such as phishing emails.

Also, a disaster recovery plan in the security plan for the healthcare sector is essential for implementing effective strategies for preventing breaches, thus minimizing the unscheduled downtime.

Common Vulnerabilities, Risks, and Issues the Plan Will Address

The enterprise-wide network security plan for the health systems will address various threats to the internal assets while helping the organization define and protect the patients' data. The threats to assets in the healthcare systems can be classified in disclosure, interruption as well as modification and destruction. The threats this plan will address can also be viewed as deliberate, accidental as well as environmental events originating from outside or inside of the information technology of the organization. As a result, the enterprise plan will concentrate on the consequences of these threats such as the loss of assets, embarrassment as well as unavailability of services, reputation and trust and the violation of regulations and law.

The risks and issues the enterprise-wide network security plan will address for the health care sector can be measured in terms of the potential loss occurring due to the exploitation of the known vulnerability to the system. Identifying, analyzing and assessing the risk entails effective risk management that provides the solution to what happens to the assets basing in the current vulnerabilities as well as the level of risk. The vulnerabilities to be reduced by the plan range from the threats posed to the network, telephone as well as the scanning tools.

Policies Protecting the Hardware and Physical Aspects of the Network

Protecting the hardware and physical aspects of the network for the health care institution entails developing an effective security policy. Firstly, there is a need for commitment ranging from the management level to the employee level. The management has to be mindful of the potential security risks and threats to the internals assets. Besides, they need a clear understanding of the consequences of inadequate security. Demonstrating effective security policies requires a high level of security awareness. Ensuring that every individual is committed to the security in the institution requires the recognition of the security significance based on the developed security policies as well as standards and procedures.

Protecting the hardware and physical aspects of the network also requires the institution to allocate funds and resources to various projects while assigning representations from an enterprise security committee. Besides, the institution has to establish a security infrastructure by allocating sufficient resources to the security project, including management as well as IT administration programs.

The security personnel have to be provided with security training based on the detailed information for the project responsibilities and instruction on information technology security. Training the employees is an excellent mechanism for communicating the security details. It entails communication of various tasks for the institution security progress.

Hardware Areas That Need to Be Secured

Several hardware areas need to be secured, which is a security requirement for the enterprise network security plan for the health care system. These areas include the workstations, servers as well as printers, routers and local area networking components. A clear understanding of these hardware areas will ensure the enterprise network security plan offer protection based on the threats that could potentially harm the system. The hardware assets can be categorized into tangible and intangible, and they have to be identified based on their value to the organization. Besides, expenditures for the safeguarding should be incorporated into the plan.

Starting from the heart of the network, the institution has the MDF that house demark, web server, network equipment racks, and cabling systems. Each floor has an IDF which leads cable to each work station, and wireless access spots for the laptops (MDF and IDF - CompTIA Network+ N10-006 - 5.7., 2015). It is essential to consider all the necessary components when developing a networking system for a company. A network system has standards that provide the framework for the success and the overall efficiency of the company.

Steps to Taken to Ensure the Security of the Operating Systems and Network Files

Ensuring the security of the operating systems as well as the network networks entails active network connections both internal to other business units as well as external to branch offices. It requires creating an opportunity for security providers. The enterprises, therefore, should have consistent security goals and ensure information system resources are utilized appropriately. Security is an essential component of the organization; thus, the policies adopted have to meet the legal and regulatory requirements to prevent financial loss as well as the loss of confidentiality. Preventing misuse of service and system information requires effective policies for the collection, use as well as the disclosure of personal information.

Conclusion

Protecting the transfer of data for the remote employees entails determining security requirements for the institution. Therefore, the organization has to have a clear understanding of the assets that require protection and the likely threats that could potentially harm the system. Asset identification based on the corresponding value assignments is essential for protecting the transfer of data for the remote employees.

It is important to identify the devices that transmit essential data on the network because they will require TCP, quires from the public can use UDP for exchanging information (Bischoff, 2019). Setting standards as you develop the Health System Network will create a reliable network for the Hospital and its staff.

References

Bischoff, P. (2019, January 5). UDP vs TCP: What are they and how do they differ? Comparitech. https://www.comparitech.com/blog/vpn-privacy/udp-vs-tcp-ip/

MDF and IDF - CompTIA Network+ N10-006 - 5.7. (2015, May 20). Retrieved July 26, 2020, from
https://www.professormesser.com/network-plus/n10-006/mdf-and-idf/

Shaw, K. (2018, October 22). The OSI model explained: How to understand (and remember) the 7-layer network model. Retrieved July 20, 2020, from
https://www.networkworld.com/article/3239677/the-osi-model-explained-how-to- understand-and-remember-the-7-layer-network-model.html

West, J., Dean, T., & Andrews, J. (2019). CompTIA Network guide to networks [8th Edition]. doi:
https://capella.vitalsource.com/#/books/9780357088586/cfi/6/14!/4/4/2/2/2@0:0Ch.1