Network security management-flow diagram


Network Security Management-flow diagram, assets and detail of functions (see case study MIIS after questions). I have completed the assets and flow diagrams and interfaces.

Homework Question
1. Start the systems engineering on the for MIIS, based on the prior homework assignments: 

a. Decompose MIIS into the basic functions that are required: provide a brief description of each component, and put together a MIIS functional architecture diagram that shows these functions, the interfaces among the functions, and the interfaces to things outside of MIIS.
b. Create an Information Asset Inventory of all the security critical data items in MIIS. Note that these assets should be an important subset of all the IT assets. 
c. For each item in the Information Asset Inventory, identify all the functions that it used in and every interface it goes over. This will help to see where each of the information assets has to be protected: the places where it is stored, and the places where it is "in transit" This is key step in the security engineering for the homework and for the project.
d. Use the set of prioritized risks from last week as the basis for a set of security requirements for MIIS. These priorities should have been based on the combination of impact and likelihood, with the most important (highest impact, highest likelihood) as the highest priority. Since the list is prioritized, you can shorten the list by eliminating the least important ones such as the low/low, low/medium, medium/low impact/likelihood risks (assuming you used at least a 3 choice scale for impact and likelihood, and low, medium are the two lowest points on the scale). Be clear, however, about which risks you are dropping. This is primarily to save work on this and the next homework. In practice, you may or may not drop the lowest priority risks.
e. Allocate these requirements to the appropriate elements of the MIIS functional architecture in part a of this homework.

Homework Case Study: 
MEDOC Insurance Information System (MIIS)

MEtrotech DOctors' Cooperative (MEDOC) is a local Brooklyn health insurance plan that includes a network of participating doctors, pharmacies, labs, and hospitals (all called providers). MEDOC is a closed system, sort of like an HMO. For the convenience of the plan members (i. e., the ones who may receive health care benefits from the plan), MEDOC provides all participants an "MCard" (MEDOC Card) Visa "smart card", which is a combination health insurance card and limited purpose credit card honored by all the providers in the MEDOC network. It is NOT a general purpose charge card, but can only be used at MEDOC providers; the Visa affiliation is only for payment processing purposes. Plan members receive a monthly bill from VISA. The "Smart card" has a chip that stores the participant's name, health care ID, (which is NOT the SSN), and Visa card number. The card has contacts (not a mag strip) to allow it to be read. Note that each family member in a covered family has their own MCard card, although the family will receive one aggregate bill from Visa.

When a plan member sees a participating provider, the MCard card is presented to a provider employee. The employee has a handheld device, the Portable INvOice Transmitter (PINOT) that reads the MCard to get the patient information, allows the employee to enter the standard EDI codes for services rendered and transmits them over wifi to a MEDOC owned/managed Medoc (Wireless) Access Point (MAP), which connects to the provider LAN and then to the provider ISP. That invoice is transmitted electronically to the centralized MEDOC Payment System (MPS), which determines if it is a covered service, the negotiated fee paid to the doctor and charge to the plan member (co-pay, or full cost for uncovered procedures) for each service. The negotiated fee is sent to the provider by MEDOC via an electronic funds transfer (EFT) through MEDOC's bank, and the co-pay is billed to the participant through the VISA charge clearing house (VCCH). VCCH provides payment information back to MPS.

MPS does need to keep a record of all transactions, including costs and EDI codes, to compute deductibles, coverage limits, etc.

The task over a series of homework assignments will be to perform the entire suite of system security engineering and management processes in this course. Specific questions for each week are posted in the assignment section. Only the MPS, PINOTs, MAPs, and MCards are part of MIIS, and hence part of the case study.

MIIS System Boundaries

The MIIS system used for this case study includes the following

1. The PINOTs and MAP at each service provider's offices
2. The MEDOC Payment System (MPS) at the MEDOC office
3. The MCards
4. Wifi links between the PINOTs and the MAP
5. Used by MIIS, but outside the boundary, are the provider LAN, internet connections between those LANs and and the MPS, the internet connection between MPS and the VISA charge clearing house (VCCH), and the connection between the MPS and the bank for EFT; VCCH and the bank are considered secure except for the interface with MPS.

Note that there are many simplifications of this system to make the case study simpler some of which are unrealistic Do not try to read more into this than is here-there is already enough to do.

1. The PINOTs are used ONLY for the MCard processing. It is not used to store the providers medical records for each patient. Presumably, the providers have a separate system for that. In reality, there would be one integrated system for both purposes. If the provider takes other medical coverage, they will process all claims on another system, not on MIIS
2. There is no provision for members going to any non MEDOC providers and getting "out of network" coverage from MEDOC
3. Two simplifications are made up front that support security: the use of dedicated PINOTs, and the fact that SSN is NOT the patient identifier. In reality, the SSN is used in the background by medical providers to coordinate benefits across plans, etc., since it is the only unique identifier. But it is no longer used as the member ID number as it used to be (some of you may remember carrying medical ID cards with your SSN.)

No credit trivia question: In a different framework, what is wrong with the phrase "MEDOC PINOT" Please don't google or research the question, just send me email if you know without research. No bonus points to the first responder. 

Request for Solution File

Ask an Expert for Answer!!
Computer Network Security: Network security management-flow diagram
Reference No:- TGS0135439

Expected delivery within 24 Hours