Professional Documents
Culture Documents
HCIN. 544
Assignment 1B-Cyber Threats and Mitigations Strategies
Mitigation Strategies:
All these devices should be secured and never leave the office (especially the tablets) in any
way, shape or form. A security system with camera could be added for an extra layer of security
to provide against tampering or theft. There should also be no way to input information into
the physical devices via any type of external device such as an external hard drive, zip or usb
thumb drive or Cd-rom. Many workstations sold by leading manufactures come designed with
no connections for any additional peripheral devices. If there are any usb connections, cd-roms
or anything that allows for an external device then these should all be manually disabled.
Mitigation Strategies:
The router and network should be connected to a firewall. The local ISP should provide the
newest and most robust encryption. No outside devices of ANY kind, including the staff and
physicians’ own personal devices, should be able to connect to the office wi-fi. Their own
devices (phones etc) can be use their 4G connections and just have separate phones in
addition to their personal as for “business only” but still utilize their own 4G connections.
All devices connected to the network or that wish too need robust password authentication.
Either one or two layer authentication. A small office would perhaps need only one but if the
budget allows then a two layer system would be optimal. Antivirus and anti-malware software
should as well as a rigorous daily and weekly scan and security check for virus, malware and
overall network health and security.
Mitigation Strategies:
Backup should be automatic and often to avoid data loss. The main issue here is access. No
particular person (with the exception of the two partner physicians and even this should be
discussed) should be able to access too much of any particular network. This process is called
compartmentalization so that nobody can be allowed to view too much backed up or saved
information at any one time. If multiple requests of accessing info are made and/or at odd
times then this should be automatically logged and flagged. Access to backed up data should be
severely restricted.