Expert answer:
Original file attached. Comments below are to fix the original, sections 1-3.

Overview for Vendors
Insert paragraph here

Arlecia, this paragraph can be shorter rather than longer – it is just laying the groundwork. By the way, it is not supposed to address a Key Management Plan. It should address this: Discuss the types of data that may be stored in the system, and discuss the importance of keeping this data secure. Include this information in the RFP. If you think about the earlier work you did on the Superior Health Care, and the types of data found in an Electronic Records management system, that should help provide context for this section. Data like: patient monitoring data, billing data, medical charts and other nurse-type data, diagnosis and other doctor-type data, embedded medical device data (e.g. highly sensitive and life-supporting real-time data), and so on.

Access Log and Context
Insert Paragraphs Here

Arlecia, the reference for this section says to provide context for the vendors to understand what our Relational Database Management System is: It is important to understand the vulnerability of a relational database management system (RDBMS). To that end, read about security concerns common to all RDBMSs. Then, provide the security concepts and concerns for databases. As a standard, the database with the information for medical personnel and emergency responders needs to identify at least three, no more than five, security assurance and security functional requirements of the database. Include this in the RFP. I believe we should use “MySQL”, which is a type of database. Think of things like enforcing Role Based Access Control on database tables and views. Also read the “Database Defensive Measures” section below for some context.

Also, use this reference to help you form ideas for this section: http://www.sciencedirect.com/science/article/pii/S…

Vendor Security Standards
Insert Paragraphs Here

Arlecia, the instructions for this section state to: Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks. Include this in the RFP. Try this reference to help (see slide #8 and focus on evaluation assurance levels one through four). https://umuc.equella.ecollege.com/file/6aa8bfb8-70…
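The comment above suggests enforcing Role Based Access Control on MySQL tables and views. The following is an added example, not part of the tutor's comment or the student's draft, showing how that is done in MySQL 8: job-function roles, views that expose only the columns each function needs, and grants on the views rather than on the base table. The database, table, column, role and user names are constructed for illustration; the passwords are placeholders.

```sql
-- Added example (not from the page): role-based access control on a
-- MySQL 8 patient-records table, using views to limit what each role sees.
-- All object names below are constructed for illustration.

CREATE DATABASE IF NOT EXISTS shc_ehr;
USE shc_ehr;

-- Base table holding several data types the RFP lists: clinical notes,
-- billing data and embedded-device monitoring data.
CREATE TABLE IF NOT EXISTS patient_records (
  patient_id     INT PRIMARY KEY,
  full_name      VARCHAR(100) NOT NULL,
  diagnosis      TEXT,
  billing_amount DECIMAL(10,2),
  monitor_feed   JSON           -- real-time device data
);

-- Roles mirror job functions rather than individual people.
CREATE ROLE IF NOT EXISTS 'r_clinician', 'r_billing', 'r_auditor';

-- Each view exposes only the columns a function needs; the base table
-- itself is never granted to any role.
CREATE OR REPLACE VIEW v_clinical AS
  SELECT patient_id, full_name, diagnosis, monitor_feed
  FROM patient_records;

CREATE OR REPLACE VIEW v_billing AS
  SELECT patient_id, full_name, billing_amount
  FROM patient_records;

-- Least privilege: clinicians read/update clinical data only, billing
-- staff read/update billing data only, auditors read both but change nothing.
GRANT SELECT, UPDATE ON shc_ehr.v_clinical TO 'r_clinician';
GRANT SELECT, UPDATE ON shc_ehr.v_billing  TO 'r_billing';
GRANT SELECT         ON shc_ehr.v_clinical TO 'r_auditor';
GRANT SELECT         ON shc_ehr.v_billing  TO 'r_auditor';

-- Users receive a role; SET DEFAULT ROLE makes it active at login.
-- Passwords are placeholders, not real credentials.
CREATE USER IF NOT EXISTS 'nurse_a'@'%' IDENTIFIED BY 'CHANGE-ME-PLACEHOLDER';
CREATE USER IF NOT EXISTS 'clerk_b'@'%' IDENTIFIED BY 'CHANGE-ME-PLACEHOLDER';
GRANT 'r_clinician' TO 'nurse_a'@'%';
GRANT 'r_billing'   TO 'clerk_b'@'%';
SET DEFAULT ROLE ALL TO 'nurse_a'@'%', 'clerk_b'@'%';

-- Verification a reviewer can run: the effective grants should list
-- v_clinical only, with no privilege on patient_records.
SHOW GRANTS FOR 'nurse_a'@'%' USING 'r_clinician';

-- Logged in as clerk_b, a direct read of the base table must be refused
-- (MySQL reports "SELECT command denied to user"):
-- SELECT diagnosis FROM patient_records;
```

Two design points worth noting. First, a MySQL view runs by default with `SQL SECURITY DEFINER`, so the holder of `r_billing` reads `patient_records` through the view using the view creator's privileges; create the views from a dedicated account rather than an administrative one so that the definer has no more rights than the view needs. Second, because privileges are attached to roles and not to people, an employee changing jobs is handled with `REVOKE 'r_billing' ... ; GRANT 'r_clinician' ...` rather than by editing many individual grants, which is what keeps the access model auditable.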
draft_1_3_proj5_johnson.docx
Running Head: SUPERIOR HEALTHCARE KEY MANAGEMENT PLAN: REQUEST FOR PROPOSAL (RFP)
Superior Healthcare Key Management Plan (KMP)
Request for Proposal (RFP)
Request for Proposal (RFP), Superior Healthcare Key Management Plan
Introduction
This Request for Proposal (RFP) is a continuation of the work begun for the Superior Military Health Care (SMHC) Chief Information Security Officer (CISO) in support of the implementation of a web-based Electronic Health Records Management (ERM) system. The ERM system has been operational for over a year, and the CISO has been approached by the SMHC Chief Executive Officer (CEO) and Chief Financial Officer (CFO) regarding continual streamlining of IT services and the cybersecurity risks associated with out-sourcing the SMHC web-based applications and database. The outsourcing would be to a cloud-services provider offering Software as a Service (SaaS) and Infrastructure as a Service (IaaS), which also includes cybersecurity service offerings. On behalf of the CEO/CFO, the CISO has asked SMHC Information Technology (IT) and business departments to develop this RFP to solicit industry bids for Database Operation and Security Services. Vendor responses to this RFP will help inform the SMHC leadership team regarding the financial feasibility of moving its database and security services to a cloud-based provider and about the overall maturity of the cloud-services industry with respect to its readiness to execute the requirements.

The SMHC IT Team's role in creating this RFP will be to describe the required operating environment and the operational, testing, auditing, business continuity and reporting requirements expected from the service provider. The IT Team will also act as a liaison between vendors and SMHC leadership regarding vendor bids submitted to this RFP. The SMHC IT Team has developed this RFP based on subject matter expertise regarding cybersecurity, database administration, secure network design, web application design and intimate knowledge of the various business rules the database will be required to support.
Before final approval and selection, the Superior Military Health Care Review Board will rate received proposals for suitability in the following areas [Outsourcing technology services, 2004]:
• To ensure the selectee can support SMHC requirements and strategic plans
• To ensure the selectee has sufficient expertise to manage the tasks
• To ensure the selectee can meet critical information Confidentiality, Integrity and Availability requirements
I. Superior Healthcare Key Management Plan
Superior Healthcare (SHC) is seeking vendor proposals to help with building a Key Management Plan that supports Health Information Technology (HIT) in a secured virtual environment. Responding proposals must demonstrate an understanding of system vulnerabilities and network security concerns, and must protect Personally Identifiable Information (PII).

Vendors are advised that Superior Healthcare's Key Management Plan must include information security systems (ISS) best practices within a virtualized environment for healthcare delivery systems. Systems delivery service applications, securely compatible hardware and total cost of project delivery are requested as part of your proposal response (Initiative, 2010).
II. Systems Overview
Superior Healthcare incorporates different organizational needs, manages facilities
Electronic Healthcare Records (EHR) vendors will have approximately 2 weeks to design and submit final proposals. The SHC virtual platform is a multi-vendor, multi-interaction product. The Key Management Plan intends to govern user behaviors and secure information within the Superior Healthcare database. The Superior Healthcare Key Management Plan covers a healthcare setting in a virtual environment that facilitates transmitting and archiving patient records and healthcare records, along with patient record storing or circulation. Superior Healthcare's Key Management Plan intends to incorporate national standards for the following health information technology (HIT) database management practices:
✓ Security Assurance Assets Management
✓ Relational Database Management System (RDBMS)
✓ Patient Portal Management
III. Metrics of Security Performance
The medical professionals and patients will need access to the database: healthcare professionals will need to send and receive records, while patients access their records to track/monitor healthcare progress and communicate with medical professionals (NIST, 2017).

This section describes the types of data that may be stored in the system and the importance of keeping this data secure. Types of data-in-transit or data-in-storage within the system include business operations information, accounting data, and the sensitive patient healthcare records.

The environment that will facilitate interactions between patients, medical professionals, and their information will be a virtual environment. The virtual environment is an application-based hosting platform that needs to be monitored for vulnerabilities. Hosting hardware includes servers and a firewall along with routers and switches for internal connections.
It is essential to understand the vulnerability of a relational database management system (RDBMS).

Security Assurance (SA) systems for medical personnel and emergency responders begin with trust.

The product's security assurance and functional security requirements for the database are to include guidance documents, configuration management, delivery service and operational controls, life cycle support and vulnerability assessments.

The importance of protecting health information requires Superior Healthcare to incorporate a set of internationally recognized standards that competing vendors responding to this RFP must integrate into the manufacturing of the health information technology database and information technology (IT) security mechanisms (NIH, 2017).
✓ Integrated Practice Management System
✓ Health information technology interoperability framework
✓ Certified products with mutually recognized CC certificate

National and international industry standards serve as metrics of security performance to measure the security processes incorporated in the product.

Products must be compliant with Common Criteria (CC) for information technology (IT) security evaluation and offer functional packages meeting or exceeding evaluation assurance level definitions (Mead, 2013).
References

Initiative, J. T. (2010). NIST Special Publication 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems. Gaithersburg, MD: National Institute of Standards and Technology.

Mead, N. (2013, July 5). Common Criteria Overview. Retrieved from US-CERT: http://pagenotes.com/writings/ccToolbox6f/CCManual/PART3/PART36.HTM

NIH. (2017, December 9). Health Information Technology and Health Data Standards at NLM. Retrieved from NIH: https://www.nlm.nih.gov/healthit/index.html

NIST. (2017, November 24). Guide to Industrial Control Systems (ICS) Security. Retrieved from National Institute of Standards and Technology: https://csrc.nist.gov/publications/detail/sp/800-82/archive/2011-06-09

Seo, G. (2013). Challenges in Implementing Enterprise Resource Planning (ERP) system in Large Organizations: Similarities and Differences Between Corporate and University Environment. Composite Information Systems Laboratory (CISL), Massachusetts Institute of Technology, 1-57.
…