Assignment 3 (Case Study) CIS5205
Due date: 09 Oct 2017
Description: Case Study
Word Limit: 3500 words
On successful completion of this assignment students should be able to:
• Analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
• Describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
• Describe why legal privacy and ethical issues play an important part in effectively managing information security
• Communicate effectively, in writing and orally, about the management of information security in organisations.
This assignment must be all your own work. It is acceptable to discuss course content with others to improve your understanding and clarify requirements, but solutions to assignment questions must be done on your own. You must not copy from anyone, including tutors and fellow students, nor allow others to copy your work. All assignments will be checked using collusion monitoring tools to ensure that each assignment is the original work of the submitting student. Assignments that do not adhere to this requirement will be deemed as being the result of collusion or plagiarism. This may lead to severe academic penalties as outlined in USQ Policy Library: Academic Integrity Policy and Procedure. It is your own responsibility to ensure the integrity of your work. Refer to the USQ Policy Library for more details:
• Academic Integrity Policy
• Academic Integrity Procedure
Assignment 3 Details
This group assignment is designed to develop students’ problem solving and communication skills and requires a student to be responsible and collaborate with team members. It specifically requires you to apply the knowledge learned in this course to solve a particular problem.
Your project group is working for a consulting company that provides IT solutions for health care organisations in Australia. A state health authority has recently asked your company to provide solutions for the management of its medical records. There are 12 hospitals, 23 medical centres and 38 allied health services spread over 8 cities in this health authority. The Health Insurance Portability and Accountability Act addresses the security and privacy of health data. It also establishes national standards for electronic health data exchange. Your solution has to comply with the requirements of the Health Insurance Portability and Accountability Act. It has to ensure that authorised healthcare stakeholders can access a patient's information at any time and from any place when they need it. Your tasks are listed below; also address any other issues that you have identified as essential for the sustainability of the proposed system:
Task 1: Design the medical data storage infrastructure.
Task 2: Design the network infrastructure.
Task 3: Design the privacy and security protection mechanisms for the databases, software, hardware and network of your system. This includes controlling physical security and logical security of the system.
Task 4: Design the policies that ensure operations security.
Task 5: Identify potential risks of your solutions.
Develop a disaster recovery plan for the system.
Please present your solution in a formal consulting report using the template provided on the Study Desk. Make full use of the knowledge and techniques acquired in this course, as well as your prior knowledge and skills. Your report must be no more than 3500 words. Each group only needs to submit one soft copy of the report to the Assignment 3 submission link.
All documents cited in your assignment (report) must be listed in a single alphabetical list at the end of the assignment. The following USQ Library resource will assist you with referencing correctly using the Harvard Referencing System: https://www.usq.edu.au/library/referencing/harvard-agps-referencing-guide. Endnote Bibliography Software for managing referencing is available to you for free as a USQ Student: https://www.usq.edu.au/library/referencing/endnote-bibliographic-software
You need to submit Assignment 3 via the Assignment 3 submission link on your CIS5205 Study Desk.
Do not email your work to the course leader. If you are unable to upload, notify the course leader of the issue so that it may be resolved for you to upload the assignment.
Please note that:
• The following are the USQ Assessment – Assignment (Late Submission) and Compassionate and Compelling Circumstances procedures that relate to Extensions and Late Assignments. They can be found under the following links:
  ◦ Assessment – Assignment (Late Submission) Procedure: http://policy.usq.edu.au/documents.php?id=14749PL#4.2_Assignments
  ◦ Assessment of Compassionate and Compelling Circumstances Procedures: http://policy.usq.edu.au/documents.php?id=131150PL
• Students seeking extensions for any Assignment work must provide appropriate documentation to support their request before the due date of the assignment (see points 4.3 and 4.4 in the Assessment of Compassionate and Compelling Circumstances Procedures above to see what is considered a Compassionate and Compelling reason for an extension and the level of documentation that will be needed).
• An Assignment submitted after the due date without an approved extension of time will be penalised. The penalty for late submission is a reduction by five percent (5%) of the maximum Mark applicable for the Assignment, for each University Business Day or part Business Day that the Assignment is late. An Assignment submitted more than ten (10) University Business Days after the due date will have a Mark of zero recorded for that Assignment.
  ◦ The StudyDesk Assignments submission tool will accept late assignments up until 23:55pm on the 10th University Business Day after the due date.