Step 2: Threats

Now that you have defined the hospital’s information system infrastructure, you will have to understand what are the threats to those systems and describe the types of measures that could address those threats. In this section, you will learn about different types of identity access management solutions and how they protect against the threat of unauthorized access.

To complete this section of the report, you’ll brush up on your knowledge of threats by reading the following resources: web security issues, insider threats, intrusion motives/hacker psychology, and CIA triad. Take what you learned from these resources to convey the threats to the hospital’s information systems infrastructure. Include a brief summary of insider threats, intrusion motives, and hacker psychology in your report as it relates to your hospital data processing systems. Relate these threats to the vulnerabilities in the CIA triad.

This section of your report will also include a description of the purpose and components of an identity management system to include authentication, authorization, and access control.  Include a discussion of possible use of laptop devices by doctors who visit their patients at the hospital, and need access to hospital PHI data. Review the content of the following resources.  As you’re reading, take any notes you think will help you develop your description.

1. Authorization
2. Access control
3. Passwords
4. Multi-factor authentication

Next, expand upon your description.  Define the types of access control management to include access control lists in operating systems, role-based access controls, files, and database access controls. Define types of authorization and authentication and the use of passwords, password management, and password protection in an identity management system. Describe common factor authentication mechanisms to include multi-factor authentication.

You will include this information in your report.