Title of Unit
Institution of Affiliation
In the given scenario, the threats to the system range from a number of aspects. It is important to note that the different threats have got varied levels of damage or the risk posed therefore they should be tackled in accordance to the risk posed to the system as a whole. Firstly, there is the threat of physical damage of the machineries and the various assets that are used to store the information that is used in the health network. This can be caused by physical damage by people with malicious intentions to the network or even insider workers who collude to do such unwanted acts in an organization. Knapp, E. D., & Langill, J. T. (2014).
Secondly, is the threat of hacking of the network system of the network by hackers with malicious intentions. Hackers may have the desire to access the information of the organization which may land into wrong hands or unnecessarily land into hands of the public and in the case that it is a confidential type of information. Knapp, E. D., & Langill, J. T. (2014).
Elsewhere, another threat is that of insider rogue workers. Some of the workers in an organization are not trustworthy and therefore they may end up planning for malicious activities in the network which may really damage the organization. For instance some of the insider workers may collude to steal some of the information in the network and this may be used against the network itself. Pathan, A. S. K. (Ed.). (2016).
Additionally there is the threat of systems challenge. This refers to the technical issues that are associated with the network itself and which naturally occur and usually when they occur they require the attention of the engineers and the technical personnel. Therefore incase of such scenarios, it is important to take swift and proper actions to solve such technicalities. Pathan, A. S. K. (Ed.). (2016).
The attackers in the scenario are the various people who have got various evil intentions or simply malicious desires which are usually against the wish of the organization. For instance they include the likes of the hackers, inside colluding workers, malicious programs that enter into the system and really cause unwanted and extreme damage to the information of the network among many other attackers. Pathan, A. S. K. (Ed.). (2016).
Some of the malicious programs are usually intentionally, spread by some people who may for instance want to get money from the effects of such malicious programs. For example, the malicious programs may be spread to the network and upon entering into the system; they in turn demand for compensation in form of money in order to remove such malicious programs, and by so doing, some people make money from such malicious programs, which are a threat to the system. Todd, M., Koster, S. R., & Wong, P. C. M. (2016).
By using STRIDE, the attackers attack by sproofing, tampering, reputation, information disclosing and elevation of privileges. In sproofing, there may be several sproofing attacks that need to be looked into. In regards to tampering, there are various data bases that may be tampered by the attackers, information disclosure pertains the attackers disclosing the confidential information of the network to the unwanted hands in case they manage to attack the network through the internet for instance, in denial of service, the attackers may interrupt the network through hacking for instance, and hence cause a serious denial of service to the network and finally, elevation of privileges involves the various system parts that may be attacked by the various attackers and elevate the privilege, for instance, they may get access to the administrator’s portal and cause serious problems as far as the position is concerned. Todd, M., Koster, S. R., & Wong, P. C. M. (2016).
After looking at the above threats it is evident that the threats pose a great threat and challenge to the system and therefore it is prudent to have mechanisms of dealing with them. Therefore in this regard a number of security control measures can be put into place to ensure the threats are well avoided and mitigated at the same time. Knapp, E. D., & Langill, J. T. (2014).
Some of the control mechanisms include like, installing anti hacking mechanisms that will ensure that the network in discussion is safe always and not at a risk of being attacked by external attackers. The various anti hacking mechanisms include like installation of the various anti hacking sofctwares among many others. Knapp, E. D., & Langill, J. T. (2014).
Secondly, the network should have in place, technicians who have got the ability to properly guard the network against external interference. The technicians will deal with any intruding by the outsiders with malicious intentions against the network. Todd, M., Koster, S. R., & Wong, P. C. M. (2016).
Elsewhere, the network should have strong information facilities that cannot be interfered easily. This will ensure that the system is indeed reliable and therefore safe always. Other mechanisms include like installation of antiviruses for the network among others. Todd, M., Koster, S. R., & Wong, P. C. M. (2016).
|ASSET||THREAT||IMPACT||RECOMMENDED SECURITY CONTROL||RESPONSIBLE ROLE|
|HNetPay||Disclosure of information||It gives access to unauthorized people to get details of credit card of patients||Automation in the systems to be reduced||Administrator of database|
|sproofing||It cripples the servers which deal with the payments and transfers||Packets that are transmitted within the network to be filtered to avoid the overloading issue||Systems administrator|
|HNetExchange||tampering||It converts authentic information to counterfeit information||Firewalls to be set up to avoid the tampering||Systems administrator|
|Disclosure of information||Access to private patients information by the public, unnecessarily||Automation should be reduced||Officer in charge of security|
|Privilege elevation||People with evil intentions get access to the system||Reduction of overruns||Systems administrator|
|HNetConnect||Service denial||Services necessary for doctors to log in are broken down||Use of ISPs that prevent the packets of DoS such that they don’t get to the bandwidth||Database administrator|
|Repudiation||Data manipulation in the system||Authentication should be put so as to guarantee integrity as well as assurance standards||Security officer and systems administrator|
1. Knapp, E. D., & Langill, J. T. (2014). Industrial Network Security: Securing critical infrastructure networks for smart grid, SCADA, and other Industrial Control Systems. Syngress.
2. Pathan, A. S. K. (Ed.). (2016). Security of self-organizing networks: MANET, WSN, WMN, VANET. CRC press.
3. Todd, M., Koster, S. R., & Wong, P. C. M. (2016). U.S. Patent No. 9,264,441. Washington, DC: U.S. Patent and Trademark Office.