For the given pharmaceutical organization, the key objective of installing appropriate IT systems will be to deliver better services to the customer, keep the track records of the patients for increasing the efficiency of the operational activities, keeping the records of the stocks of all medications present in the shop, and maintaining the financial records of all the transactions that are carried out within the organization. This will help the organization to create a center of excellence for the patient care. With the help of this technology, it would be easy for the employees to carry out all the procedures and activities within the organization. It will help in avoiding all the paperwork; and, instead will maintain the records in a very systematic way. The data can then also be utilized for other data mining purpose. Another important gain of this technology to the given organization would be to improve the business performance, and thereby improve the profit lines down the operations (Sobh, 2013). The cost pricing will be managed more effectively, resulting into increased cash flows. It will give the management better controls for all the operative functions of the organization.
This technology will help the organization to serve the patients in a voluminous manner. The real-time access to the data will help to carry out all the activities in a short span of time. This will result into saving of time for the other patients. In addition, with alerts and safety responsibilities, it will also guide the patients in changing the medications, if required. It will also further help in knowing the latest updates regarding the drug updates, compliance changes, pricing changes, and healthcare reforms. With the help of given desktop computers, dedicated T1 connection, firewall settings, file server, and Windows 2008 Active Directory Domain Controllers, my key objective will be to extend the business everywhere with the help of these tools. In addition, I will be also focusing upon the physical and the logical vulnerabilities that might hamper the given system. And, in such cases, I shall try to find out the optimized solutions to solve such issues.
- Identify at least five (5) potential physical threats that require attention.
Today, the world has changed a lot, and with that the challenges and issues have also increased. There are several technological advancements, due to which the organizations are now able to carry out their operations smoothly. But, there are several physical vulnerabilities that need to be considered in order to avoid any flaws or breakdowns in the given technological systems of the pharmaceutical organization. Physical vulnerabilities will include threats to equipment, property, personnel, the interior architecture, the external infrastructure, the site office, and thereby the entire store. Even, parking facilities need to be taken care of during the situation of floods, fire, or any other severe environmental accidents, that could either harm the person or the property. Such threats should not be taken lighter, and the objective of the organization should be on insuring such equipment and dwelling.
During the case of physical destruction, even the entire desktop computer systems, the servers, and other connecting cable networks would be damaged (Mu, Yu, Li, & Zang, 2014). Further, the management might also be keeping a safety vault in their office, in order to store valuable money, equipment, software devices, hardware, and any other technological system. But, in case of any threats, these all could be harmed, and can cause a heavy damage to the entire organization. In addition, the destruction of computer systems would result in the destruction of the software and the database stored inside those systems. As a result, that all data will be lost, and the company will be in a very difficult position to manage all those issues.
During earthquakes, even the entire office building might be affected. And, hence, in such cases, even the medication merchandise will be lost. The company therefore needs to have some back-up such as warehouses, where they could keep their extra merchandise. This would at least help them to recover from the present deadly situation. The loss is not only in terms of money, but also from the other financial perspectives, the company might be affected a lot. People might stop coming to purchase their medications, unless the shop doesn’t start working, just like in the previous manner.
- Determine the impact of at least five (5) potential logical threats that require attention.
Just like the physical vulnerabilities discussed, there could be even logical vulnerabilities that could hamper the day-to-day operational activities of the given organization. All the information gathered from the patient records is stored in these computer systems. And, since, this data is highly confidential in nature, it is very necessary to protect it from any sort of logical threats. The first such kind of threat is the data misuse, by leaking the data to the outsiders. One or more employees might indulge into unethical practices, and due to which, data might be lost to some hackers or unauthorized users, which may result into damage to the organization. There might be some cases in which software gets either modified or deleted on an accidental basis. As a result, the old data is either lost or unable to recover.
The organization will face severe issues as a result of this lost data. Sometimes, the employees might carry out a fraudulent transaction, but then deny it of doing so. In another case, fraudulent transaction does occur, but the blame is put on someone else. There are several occurrences during when the employees might want to gain an unauthorized access, and hence might record a legitimate transmission of the system (Wu, Lee, Lin, & Wang, 2014). There are also probabilities of the hackers attacking the given system through viruses, Trojans, and other malware, which in turn could affect the entire system.
The logical vulnerabilities in this manner could either happen through unethical practices inside the organization or through technological issues relating to system failure, outside attacks on the system, or any other issues. In such cases, the organization will not have any capital loss, but will loss of precious data-sets that is stored in the system.
- Detail the security controls (i.e., administrative, preventative, detective, and corrective) that the pharmacy could implement in order to protect it from the five (5) selected physical threats.
The impacts of physical vulnerabilities are very huge; it could even destroy the entire organization. The pharmacy shop might be affected with several physical threats that could hamper the growth as well as the current existence of the organization. Due to thefts, the stock of medication might be lost. This could result into heavy financial burden on the organization. There could be extortion issue which could ultimately harm the organization. The terrorist attack on the given shopping mall might also result into the destruction of the entire mall. Further due to the strikes of the employees, the overall productivity of the employees will be down. In addition, due to some political movements, the shops might be required to remain closed. Hence, the organization would not be able to operate as per its desires. This will in fact affect the overall performance of the organization, and finally, the profit-lines of the organization. The greatest impacts will be from the financial, human resources, and technological front, due to which, company will be required to prepare counter-strategies, in order to solve these issues.
In order to protect the information systems against these physical vulnerabilities identified, it is important to safeguard them and protect them against natural calamities as well as unethical practices. As far as preventive controls are concerned, all the property items, computers systems, hardware, equipment, and other physical items need to be physically secured. From the administrative perspective, the manager needs to monitor the practices of the employees. Besides, he needs to ensure and take corrective actions for every access to the information data (Loukaitou-Sideris, 2014). During the annual inventory calculation, detection controls should be employed in order to ensure that, the inventories and merchandises are not stolen. Check-points can be kept for guarding the different items that are put up inside the shop.
- Explain in detail the security controls (i.e., administrative, preventative, detective, and corrective) that could be implemented to protect from the five (5) selected logical threats.
The impact of logical vulnerabilities would be to a greater extent similar to those of physical vulnerabilities. The logical threats refer to those that damage the software and the data most without actually damaging the physical systems. Whenever any software is infected, it might also happen that, it may corrupt the hard drive, by erasing all the sectors. This would result into changing the entire system. There are even logical threats regarding the financial preparation of the budget. Some of the employees by employing unethical practices might indulge themselves into unauthorized access of such financial information. Another employee might involve himself in tapping and recording the communication line in the given organization. They will thereby come to know about all such issues, and might even leak such valuable information to outside sources. The financial loss, the credibility loss, the operability loss, and the ethical loss would be very severe to the organization due to such issues.
Hence, for preventing these logical vulnerabilities, it is very much important for the organization to provide preventive controls to the sensitive and critical data. Appropriate user levels should be defined, so that not all the users can have the authorization access to the given sets of data. Further, the organization needs to terminate the user access of all those employees who will leave the organization. The employees need to be trained regarding the security measures taken to prevent the critical data. In order to detect any flow, the system can employ different tracking programs so that no one even thinks to attempt unauthorized access. Further, the organization needs to take administrative and preventive measures for providing uninterrupted power supply to all the systems (Easttom, 2011). All the systems need to have virus protection software as a mark of corrective action tools. And, in order to prevent any malicious attacks, the organization needs to constantly upgrade their computer systems with the security patches and different applications of security. In order to prevent logical vulnerabilities all the strategies adopted should align with the corporate objectives of the organization.
- For each of the five (5) selected physical threats, choose a strategy for addressing the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
There are different ways and approaches in order to tackle with the above mentioned physical vulnerabilities. But, the risk mitigation and risk avoidance strategies will be different for each of them, since one strategy might not work for all of them. In some of the cases such as natural calamities, the strategy that will be adopted will be the hazard analysis, wherein the key aspects of such hazards and accidents will be determined. Further, to avoid thefts and any other unauthorized access, the organization can install CCTV cameras, and can at least have the footage to identify the culprits during such cases. In addition, they can even tighten the physical security level in order to prevent thefts.
In some of the other cases, political and economic analysis can also be carried out in order to understand the political movements as well as get an idea regarding the prevailing economic conditions in the given nation. This will help them to determine the requirement of the given medication, and accordingly can place their order with the suppliers. The transportation issues can be solved through a strategic alliance approach with the transportation companies. For each and every physical threat, the company needs to have first of all their objectives clear before implementing the strategy that will counter-attack these issues (Ceccato, 2014). The outcomes need to be determined, and in case there is any failure of the strategy, the alternative option should be kept ready. The physical goods and equipment can be protected through buying insurance. In the same manner, even the entire shop can be insured against fire, floods, earthquakes, terrorist attacks, and similar other calamities. The strategies will vary depending upon the type of physical vulnerability.
- For each of the five (5) selected logical threats, choose a strategy for handling the risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Justify your chosen strategies.
The logical vulnerability, just like the physical vulnerability has the greatest issue of unpredictability. All the threats will not have any specific timing for attacking the given organization. It is very much difficult to predict such occurrences of these events. The organization can just warn their employees of preventing the cyber attacks, and further, they can train them on it. Besides, they do not have the necessary resources, if any cyber attack will be with the latest technology. It is easy to say that, one can counter the cyber attacks, or can fight against any software viruses, during the time of such crisis. But, if the malware programs and the Trojans are built with a view to hack the entire system, then nothing can be done. Hence, the strategy needs to be robust and totally operational in nature.
The team needs to identify the networking chains, the flaws that might can occur, the periodicity of these flaws, and then determine how the given systems will be affected (Lack, 2006). They also need to provide the assistance as per the situation requirement. There needs to be a specific framework that will help to tackle with all these vulnerabilities. Besides, the organization needs to develop procedures regarding ethical practices in the organization. They need to educate their employees and motivate them in all their operational activities. If at any point, unethical behavior is found out, then the root cause needs to be identified first, and then necessary actions need to be taken.
References
Sobh, T. (2013). Information Leakage Prevention Using Virtual Disk Drive. International Journal of Computer Network and Information Security (IJCNIS), 5(8), 19-27.
Mu, C., Yu, M., Li, Y., and Zang, W. (2014). Risk balance defense approach against intrusions for network server. International Journal of Information Security, 13(3), 255-269.
Wu, T., Lee, M., Lin, H., and Wang, C. (2014). Shoulder-surfing-proof graphical password authentication scheme. International Journal of Information Security, 13(3), 245-254.
Ceccato, V. (2014). Safety on the move: Crime and perceived safety in transit environments. Security Journal, 27(2), 127-131.
Loukaitou-Sideris, A. (2014). Fear and safety in transit environments from the women’s perspective. Security Journal, 27(2), 257-261.
Easttom, C. (2011). Computer Security Fundamentals. New York, NY: Pearson Press.
