Network Security, Cryptography & Data Governance

In this study, specific threats to network security have been discussed along with the strengths and weaknesses of the tools used to prevent the threats. An analysis and threat assessment have also been done in this study. In addition to this, the strengths and weaknesses of implementing cryptography and data governance have also been discussed.

Section A: Network Security

Identification and discussion of the specific threats that are relevant to network of healthcare network along with the tools that are available for combating the threats

Security threats:

• A Large number of mobile devices: A large number of mobile devices possess a huge threat to the security of the network within a healthcare organisation. Most of the employees and the service users use mobile devices for instant communication, making it difficult for the management to track the threat that is being injected into the network.
• Embedded devices: Embedded devices such as medication scanners, imaging devices, and patient monitoring devices, which are used for tracking and managing the productivity of an organisation. These possess a severe threat to the network security as they strain on the bandwidth as well as expose the network to various viruses injected through other devices.
• Virtualisation to servers from desktops: Most healthcare organisations develop virtualisation strategy for running multiple applications on one server (Manshaei et al.2013, p.25). Virtualisation strategy helps an organisation to reduce the energy costs and lowers carbon footprint. Moving from traditional desktops to servers in an organisation increase in the possibility of the injection of threats into the network of a healthcare organisation.
• Virus injection through social media: Healthcare organisations are not immune from the threats that could be injected into various social media sites such as Facebook, YouTube, Twitter, etc. Malware could be injected into social media sites, which makes difficult for the management of an organisation to block the threats from being injected into the network.
• IT getting consumer friendly: With the development of technology, more and more users have become friendly with the network interface, which increases the number of users of a network of a healthcare organisation.With the increase of a number of network users, a possibility of injection of threats in a network has also increased.

Security tools:

• Web proxy: Web proxy performs testing of security of the websites and web applications. Burp works as intercepting proxy by analysing inbound traffic within a secure environment and preventing injection of malicious content present on the website. Burp provides the analysts a secure line for inspecting traffic interaction with the network, which makes tough for the threats to enter a network.
• Disassembler: Disassembler software can convert executable languages into assembly language, enabling the users to view every command written in the program. Disassembler such as IDA Pro explores various binary programs and creates maps of execution of malicious files.

Identification of the strengths and weaknesses of the tools and discuss how the tools complement each other in an effective secure design

Web proxy

Strengths:

• Helps in protecting important information from being hacked by the hackers
• It is used for bypassing the blocked websites
• It helps in enhancing privacy and security level of devices of the clients while surfing using several proxies
• It helps in speeding up browsing and accessing data due to its good cache system
• With the help of good cache system, users are able to store desired data in its cache system and use it whenever required

Weaknesses:

• Due to the better cache system, passwords, websites and secured data that are stored in the cache system would be vulnerable to proxy service providers. Therefore, using paid proxy servers is recommended
• With the help of several techniques such as TLS and SSL encrypted connections, important data and information may be leaked from the encrypted network
• Accessing the blocked websites with proxy servers is a disadvantage for the students

Disassemblers

Strengths:

Disassemblers help programmers to convert programs into assembly language from an executable language. The executable language contains variables based on hardware variables, assembly language of the program contain empty variables that could be filled only when placed in a specific machine. IDA Pro helps the analysts to view malicious codes in a single step by bypassing obfuscation and making code more readable (Acemoglu et al.2016, p.536).

Weaknesses:

• Separation of code and data: As all data and instructions are stored in binary data that are executable, it makes it very difficult for the programmer to separate the code and data. It is almost impossible to correctly separate codes and data from the programs.
• Lost information: Textual identifiers can be removed by assembly processes such as label names, variable names, and macros. The textual identifiers may be still present in object files like relocating linkers and debuggers. However, a direct connection is lost and establishing the connection again requires more assemblers.

Within a healthcare organisation, the network security management officials implement web proxy and disassemblers to prevent threats to get injected into the network (Lafuente2015, p.12) Web proxy tests the network if it contains any malicious threats and prevents them entering the network. In addition to that, the disassemblers are being implemented into the systems so that the network security officials are able to view the codes of malicious threats and modify them so that they does not cause any harm to the system or network.

Threat assessment and risk analysis for healthcare network and providing security policy for the network

Threat assessment and risk analysis of the network security in a healthcare organisation is essential for identifying the security risks along with the potential impact that threats would possess on objectives of health information security. Confidentiality, integrity, and availability of data are the three main objectives of health information security. Security risk assessment aims at achieving anticipation of potential risks due to the internal and external changes. The organisation is supposed to review and capitalize the past risk analysis, conducting surveys and interviews on all departments and review the procedures and policies of an organisation. The organisation is required to identify as well as document the potential threats to the organisation. Assessment of the current security measures for safeguarding organisation is also very important.

Section B: Cryptography

Discussion on the strengths and weaknesses of using a cipher for an organisation

Strengths:

• Confidentiality:Cryptography or encryption technique guards communication and information from several unauthorised access and revelation of information (Van et al.2014, p.44). Using the cryptographic technique helps healthcare organisation from safeguarding sensitive data and information within the organisation.
• Authentication:The encryption techniques such as digital signatures and MAC helps in protecting information against forgeries and spoofing. With the help of cryptographic techniques, only the authorised officials of an organisation are able to access the important data and information within the organisation.
• Data integrity: Cryptographic hash functions assures users about the data integrity of important data and information. With the help of this technique, a healthcare organisation is able to maintain the consistency and accuracy of data.
• Non-repudiation: Digital signature gives non-repudiation service for safeguarding against disputes that could arise because of the denial by a sender of passing the message. Cryptographic techniques help healthcare organisation from preventing disputes that may occur due to denial of sending a message.

Disadvantages:

• Very strong encryption of information might make it difficult for legitimate users from accessing the information at crucial of decision-making. The network of healthcare organisation may be attacked by intruders and rendered non-functional.
• High availability of data cannot be ensured due to cryptography. Alternate methods would be required for guarding against threats such as a complete breakdown of the information system and denial of service.
• Selective access control also cannot be realised through cryptography. Administrative procedures and controls are supposed to be exercised.
• Cryptography is not able to guard the network or system against vulnerabilities as well as threats that may emerge due to poor system design, procedures and protocols (Salomaa 2013, p.44). These issues could be fixed by designing and setting up of proper and defensive infrastructure.
• Cryptography is very much costly in terms of time as well as money.
• Adding cryptographic techniques within the processing of information leads to delay
• Use of cryptography key for the public are required to setup and maintain public key infrastructure, which requires a huge budget.
• Security of cryptographic technique is mainly based on computations of mathematical problems (Buchmann 2013,p.44). Any type of breakthrough while solving the mathematical problems could render vulnerability of cryptographic techniques.

• Assessing the safety of Red Pike

Encryption works by scrambling the data so that it is not readable by unauthorised individuals. According to the analysis on the advancement of technologies, Red Pike is not considered as safe for any organisation regarding cryptography. Red Pike is an algorithm of encryption developed by NHS, which is a block cipher with a block size of 64-bit and a key length of 64-bit (Daras et al. 2015, p. 253). In this algorithm, only 64-bit data can be encrypted in a block at a time. Whereas there are several algorithms that have been developed recently which are able to combine up to 256-bits of data in a block. Advanced algorithms such as AES, Twofish, Blowfish, RSA, etc are able to encrypt data more efficiently. Every possible combination in 128, 192 or 256-bit data is possible using advanced algorithms of cryptography (Devi 2013, p.462). Therefore, it is recommended to the NHS not to use Red Pike algorithm for encryption of sensitive data and information within the organisation.

Recommendation of a new cryptography and the reason for the choice

The NHS is recommended to use the AES encryption algorithm for encrypting electronic data used by the organisation. The algorithm has a block size of 128-bits and key lengths of 128, 192 and 256-bits. AES is considered to be impervious to get attacked by threats having an exception of brute force that attempts in deciphering messages with the use of all combinations in 128, 192 or 256-bit ciphers.

The reasons for choosing AES algorithm for encryption is that it has several advantages over other algorithms.

• AES is much more secured in comparison to any other algorithms.
• AES algorithm supports law key sizes in comparison to other algorithms
• This algorithm is faster regarding both software and hardware than other algorithms
• The 128-bit block size of AES algorithm makes it less vulnerable to attacks and threats than the algorithms having 64-bit block size
• This algorithm is recognised by US government as well as international standard

Section C: Identity theft and Data governance

Discussion on the strengths and weaknesses of the adopted approach and description of the symptoms that went well or badly

Additionally, it has been identified from the case study that Banner Healthcare has faced a severe issue on the loss of the data and this was the act of the cyber crime. Moreover, this was one of the biggest cybercrime that has been identified. Nearly, 3.7 million people's information has been hacked. All the data that are attached to the patient have been leaked and it consists of the birthdates, patient's name, clinical information, a name of the physicians and much other relevant information and this has taken place on 17 to June 2016.

On 23rd of June another shocking information that came which is, the information regarding the credit cards has been hacked. Additionally, card owner's name, the number of the card and the date on which the card will get expire. This incident does not occur in a future organisation has taken the different steps and it is discussed below.

Adoption of the better protection policies of Data

This was one of the most important policies that have been undertaken by Banner Health when this has been introduced then each and every member has been given a personal login id and with the assistance of they can operate their systems and this has reduced the chances of the cyber attacks.There are few strengths of it which are

Proper management of the business

When this has been introduced in the entire organisation and the data can be kept securely (Thompson et al.2015, p.316). Once the data is kept properly then it will be easily managed (Van 2013, p.44). Additionally, this will enhance a trust and confidence among the patients and the employees.

Security to the patients and the employees

When this has been adopted then the data which are related to the patients of the hospitals are kept securely and they cannot be hacked. Related to the hackings that were done for the payment related issues proper steps are taken on that (News.bbc.co.uk, 2017), so that the customers and employees can make their transaction easily.

Huge cost:

Implementing the security system is not the main task for that proper maintenance is required and for that, there is a requirement of huge cost. This was one of the issues that have been faced by the organisation.

Training:

Employees who will be taking the responsibility they need proper training and if they are not trained properly then it will be difficult for them to operate the entire system. Additionally, the employees will be unable to satisfy the customers by their services and if they fail to do this then they will lose their market shares.

Suggestion of the theory and standards

Coding theory:

Coding theory deals with the properties of codes in specific applications. Codes are being used for cryptography, data compression, networking, and error-correction. Data compression compresses data from a source for transmitting more efficiently. Error-correction makes an addition of extra data bits for making transmission of data robust to disturbances that are present in a transmission channel. Ordinary users may not be able to use applications with error-correction. Source coding aims at taking source data and making it smaller. Sources codes reduce redundancy in the sources and represent it with few bits, which are able to carry a larger number of data. Channel coding theory find codes that transmit fast, contain valid codes and are able to detect errors.

Big data theory:

Big data is a set of a large number of data. It is referred to using predictive analytics, the user behavior analytics or other data analytical methods. Analyzing data sets are able to find correlations to combat crime. Data sets are growing rapidly due to the gathering of information through cheap and available devices. Relational database management systems face difficulty to handle big data. Big data depends on the capability of users and tools they are using. For organisations with a huge number of data may face difficulty in managing the large data. Big data consists of three elements such as volume, velocity, and variety.

Identification of the actions to be taken if faced the same problems of health information governance and network security

Actions to be taken in future occurrence of identity theft are:

• Firewalls:Firewall is a security measure found in all computer terminals as well as electronic networks regarding the proliferation of preventing crimes.
• Virus protection: Virus protection is a software designed for protecting computer terminal or the computational networking system from getting destructed by computer viruses. Virus protections prevent viruses from entering into the system by performing regular searches and updating the software.

Conclusion and Recommendation

In this study, a brief description about the network security, cryptographic techniques and data governance used by healthcare organisations have been discussed. Several threats faced by the organisation have been described. Several tools have also been identified for combating the network security. The strengths and weaknesses of the network security tools, cryptography, and data governance approach are taken by the organisation have been discussed in the study. At the end, a real life case has been chosen in which an organisation has faced identity theft issues. The researcher has also discussed the actions that would be taken in case of future identity theft in the organisation.

Recommendation

• Security staff: The healthcare organisation is recommended to recruit experienced staff as network security staff. Finding an expert in a particular field is very difficult and expensive. Therefore, it is very important for the organisation to develop technology for reducing the number of employees.
• Secured backup plan: The organisation is required to develop a secured backup plan for the data and information used within an organisation. Even in a case of accidental loss of data or data theft, backup of the data can be of a great help to the organisation.
• Creating security culture within the organisation: Developing security culture with the healthcare organisation by encouraging the employees to secure the system or network by using secure passwords.
• Document disaster-preparedness plan: diagrams of document configuration of software, hardware, and network connections are recommended to the healthcare organisations to use in a recovery process, which includes logistical diagrams, activation authority and travel requirements.
• Maintaining security patches: The cyber criminals constantly try to invent newer techniques and vulnerabilities. Therefore, improving the security network is very important for the organisation from preventing the hackers from entering the network and causing data loss.

Reference List

• Acemoglu, D., Malekian, A. and Ozdaglar, A., (2016). Network security and contagion. Journal of Economic Theory, 16(6), pp.536-585.
• BBC News Player - NHS trusts lose patient data. (2017).
• Buchmann, J., (2013). Introduction to cryptography. Springer Science & Business Media.
• Daras, N.J. and Rassias, M.T., (2015). Computation, cryptography, and network security(pp. 253-287). Berlin: Springer.
• Devi, T.R., (2013), April. Importance of Cryptography in Network Security. In Communication Systems and Network Technologies (CSNT), 2013 International Conference on(pp. 462-467). IEEE.
• Kahate, A., (2013). Cryptography and network security. Tata McGraw-Hill Education.
• Lafuente, G., (2015). The big data security challenge. Network security, 25(1), pp.12-14.
• Manshaei, M.H., Zhu, Q., Alpcan, T., BacÅŸar, T. and Hubaux, J.P., (2013). Game theory meets network security and privacy. ACM Computing Surveys (CSUR), 45(3), pp.25.

UPTO50%

Avail The Benefit Today!

To View this & another 50000+ free

Enter Email

Submit