Patton-Fuller Request for Proposal

Patton-Fuller Request for Proposal

CMGT/554

December 8, 2014

Table of Contents

Patton-Fuller Request for Proposal 4

Network Design Considerations 4

Encryption 5

Security Recommendations 5

Network Architecture Diagram 6

Data Storage 7

Current Systems 7

Accessibility Requirements 8

Legal Requirements 8

Security Requirements 9

Storage Recommendations 10

Recommended Systems 10

Business and Medical Systems 10

Effect of New Systems 11

Network Equipment Upgrades 12

Viable Network Access Options 12

Effect of Mobile Devices 13

Role of Networking and Mobile Devices 14

Return on Investment Possibilities 14

Probable Effects of Social Networking 15

Effects of Mobile Computing 15

Delivery of Services 16

Information Delivery Trends 16

Conclusion 17

Patton-Fuller Request for Proposal

The chief executive officer (CEO) has requested a project plan for upgrading Patton-Fuller Community Hospital’s (PFCH) systems over the next three years (Apollo Group, 2014). The goal of the project is to improve the hospital’s operational capabilities and security through the use of modern information technology (IT), such as mobile devices, enhanced encryption, and monitoring systems. An assessment of PFCH’s current networking and computing systems will provide an understanding of operational requirements and a framework for identifying potential areas for improvement. The following project plan includes a detailed description of the PFCH’s operational, functional, and security requirements as well as recommendations for enhancing IT infrastructure. The project plan includes a comprehensive analysis of existing systems, potential upgrades, functional and operational requirements, and return on investment (ROI) possibilities.

Network Design Considerations

Information security is vital to all organizations using any form of digital communications. The IT department at PFCH has identified the requirements for implementing the new security control policy for data protection as well as an updated network configuration. The new policy and network design must include security measures to ensure the confidentiality, integrity, and availability of information systems with cost-effective solutions, and reliable performance. The Security Officer has determined that all data stored on file servers and workstations must authenticate through an active directory, which utilizes public key infrastructure (PKI). PKI is a form of single-factor authentication that can be significantly weaker than other encryption methods. Additionally, the new configuration must address concerns related to performance, security, and reliability with security systems, isolated sub-networks with wireless access, and redundant connections. The following material addresses the cost-effectiveness of various encryption methods, the recommended method, and a proposed design for the network.

Encryption

The basic function of encryption is altering readable text, referred to as plaintext, into a secret format known as ciphertext (DataShield, 2013). All external communications that include personal identifiable information (PII) will use Asymmetric encryption, which uses a private key and a public key to perform encryption and decryption. PKI as it relates to bandwidth will be slower than if symmetric, or private key, encryption is used (Forward, 2002). Minimal latency in the bandwidth will occur when using public key infrastructure and an asymmetric method, but it will provide better data protection compared to a symmetric method. PKI is the most cost-effective option and has less effect on internal and external communications. In-house solutions to facilitate the IT security department’s management of security keys in combination with PKI use is estimated at 1,350,500 dollars over a three-year period (TrustCenter, 2008). According to TrustCenter (2008), the average per user/per year cost for PKI implementations over a three-year period is 90 dollars. Implementation of data encryption must be supported by other information security measures and controls, such as physical protection, authentication systems, audits and monitoring and tracking systems. Utilization of the proposed policy will provide a cost-effective, manageable, and reliable method for reducing the risk of unauthorized access to personal or business information stored on the network (Scarfone, Souppaya, & Sexton, 2007).

Security Recommendations

Data on the network should be encrypted at either layer two or three of the Open Systems Interconnection (OSI) model. Encrypting data at layer two or three is preferred for time-sensitive requests and heavily used connections. Layer two encryption provides a method for utilizing the multipoint and multicast capabilities of the transport and the encryption at layer two. Layer three is elastic in terms of device selection allowing multifaceted environments to be mapped at layer three. The multifaceted environments allow more secure locations with gateways, stationary and mobile clients; however, layer three cannot achieve the same speeds as layer two. Advanced Encryption Standard (AES) is the recommended method of encryption; Triple Data Encryption Standard (3DES) requires up to three times as much processing power and relies on shorter keys that are more vulnerable to attacks involving cryptanalysis software. AES provides more reliable security, improved software and hardware performance, viability in limited space settings, and superior resistance to side channel attacks targeting cryptographic hardware, crypto analysis, and application attacks (Brazil, 2014).

Network Architecture Diagram