This is an information security question. Homework: All of the company's IT syst
Question
This is an information security question.
Homework:
All of the company's IT systems have been outsourced. The company handles medical records, and they use the same web application for everything:
- Employees can access the company's confidential information such as medical records and personal information to update records and such
- Suppliers can see warehouse status and see if they need more supplies
- Customers are allowed to see their own medical record
- Public can see general information about the company and contact them if necessary
Note:
I need to come up with ideas to achieve security from threats. I'm thinking technical, like SQL injections and how to prevent them, and other possible attacks that can occur for a web application (phishing, social engineering, targeted attacks, botnets, etc.). I want the answers to be as simple and straight to the point as possible.
Explanation / Answer
There are several advantages to outsourcing arrangements. The outsourcer's information
security staff can often provide valuable insight, in a confidential manner, about how other
companies handle the same types of security problems.
The outsourcing company's information security administrators and systems
programmers specializing in information security can be a valuable asset to the client
organization. For example, the outsourcing provider may be able to help the client
reengineer access rules to tighten security or to react to regulatory changes. The outsourcer
may provide valuable information when your applications programmers perform a database
migration or an update that involves internal application security.
Evaluation process.
Aside from the benefits derived from the outsourcer's data center experience and
internal resources, clients stand to gain from the overall information security environment.
Because outsourcing providers have strict contractual obligations to their clients and must
maintain their reputation in the marketplace, their control procedures are usually well
documented and enforced.
On the minus side, a shared environment with multiple clients poses more risks than the
contained environment of an internal data center. In multiple-client sites, LANs, Wide Area
Networks, and dial-up access for multiple clients increase the points of exposure: the risk of
third-party employees having access to data; the risk of more than one client sharing a Direct
Access Storage Device or spool; the risks inherent to data transmissions; the risks of
sharing a network; and in some cases the risk of sharing a Central Processing Unit under one
operating system or under separate logical partitions. In addition, other clients may have
gateways to the mainframe from LANs and other distributed systems. A small exposure
can grow several orders of magnitude larger in an outsourcing environment because of the
sharing of resources with the outsourcer's other clients.
These risks are addressed by the outsourcer's physical and logical security procedures.
The greatest risk comes from poor up-front planning and poor communications between
outsourcer and client.