Scenario: (see attached file about key facts about hospital)
You have recently been hired as a security analyst at the Northwest Shelbyville Regional Hospital (NWSRH). You are responsible for developing, maintaining, and monitoring IT security practices and systems to protect the confidentiality, integrity, availability, and safety (CIA+S) of NSRHS systems and data. As a member of the information security team, your role involves advising decision makers on how to minimize risks and support the mission of the organization. You will identify security issues involved in the development of security architecture solutions and implementation plans, research and deploy new technologies, develop and document security policy, and perform security audits and risk assessments. Review these key facts for more information about the hospital.
Your task this week is to check the internet and the Common Vulnerabilities and Exposures (CVE) List for networked IoT or IoMT devices with publicly known problems identified in the past six months.
Select two devices related that might be relevant to the organization setting and review what is known about the vulnerabilities of these devices.
For each device, include background information about the device, a description of the vulnerability, possible solutions that have been identified to fix the vulnerability, and your recommendation on whether the organization should avoid the product.
Use this Memo Template to record your work.
How Will My Work Be Evaluated?
In writing a clear and concise memo to inform management about potential vulnerabilities, you are demonstrating communication skills, technical expertise, and responsiveness to stakeholder needs and concerns.
The following evaluation criteria aligned to the competencies will be used to grade your assignment:
1.2.1: Identify the target audience, the context, and the goal of the communication.
1.3.4: Balance original content with supporting sources.
1.4.1: Produce grammatically correct material in standard academic English that supports the communication.
2.1.1: Identify the issue or problem under consideration.
10.1.1: Identify the problem to be solved.
10.1.3: Define the specifications of required technologies.
12.1.1: Determine business needs that require policies, processes, and procedures.
12.3.1: Select controls.
12.3.2: Describe the implementation of controls.
Learning Links
https://sites.tufts.edu/eeseniordesignhandbook/2015/internet-of-things/
Have you ever walked out of your house, only to discover that you left your keys behind? What usually follows is a frantic search of pockets, bags, car seats, and couch cushions. What you need is a smart key ring. Simply clip a fob to your key ring or have a chip installed in your key itself, and the next time your keys go missing, you only need to pull out your smartphone. Your phone can then tell you how close you are to your keys or even make the key ring fob beep to help you find your keys quickly and with as little stress as possible.
In recent years, there has been a trend of simple items and appliances being replaced with new “smart,” internet-connected versions of themselves. The key ring is a perfect example of a “dumb” object, the classic metal key ring, being replaced by a “smart” object, the key ring that helps you find it. This trend is known as the rise of the internet of things, and it’s not just limited to key rings. There are smart devices that help you monitor your health, heat your home, and even track the state of the environment.
The internet of things (IoT) refers to all devices connected via the internet. It provides an interactive environment of human users and a myriad of devices in a global information highway, always on and always able to provide information. IoT connections happen among many types of devices such as sensors, embedded technologies, machines, appliances, smart phones—all connected through wired and wireless networks.
This proliferation of IoT devices gives hackers avenues to gain access to personal data and financial information and increases the complexity of data protection. Given the increased risks of data breaches, newer techniques in data loss prevention should be examined.