Introduction
This assignment requires you to conduct a security analysis of a proposed system and devise a security solution that mitigates the most serious risks to that system. The aim of this assignment is not to achieve an exhaustive list of threats, risks or security mechanisms, but to identify the most serious risks and address them in a reasoned and cost-effective manner. The most important aspects of your answer are the reasoning applied to the problem and the justification for your design.
Because of this, a short but clear argument is preferable to a long-winded one. Your answer should not exceed twenty-five pages. As a guideline, approximately 5–7 pages on the security analysis and 12–15 on the security design (including figures and tables) should be enough for a good answer. Be sure, however, to answer thoroughly and (where appropriate) realistically.
Proposed System
A private healthcare company operates in the rehabilitation field, providing prosthetics, orthotics and physical therapy services to patients. They currently operate three different practices in three separate cities across the UK, and are looking to acquire premises in two new cities.
They operate mostly using paper-based records, and are keen to modernise. The company wants to develop a single software solution to manage patient records, schedule appointments, and process payments. The idea is to offer a greater degree of choice for patients by allowing them to book an appointment at any of the different practices interchangeably whilst providing the care providers with full access to a patient’s records.
There are no plans to make this system interoperate with any NHS system, and the company is keen for the system to operate securely. The company has contracted you to provide a security analysis and high-level design for a system that satisfies the following requirements:
1. Patient records (including detailed medical notes, and previous bills) need to be accessible in any of the three locations.
2. The system needs to provide a means of scheduling appointments and keep track of the different practice diaries.
3. The system needs to be able to bill patients and accept payments.
4. The system needs to operate seamlessly over the existing and future locations.
The company currently employs 3 receptionists and a total of 10 physical therapists over three different locations. They are intending to employ a system administrator full time to maintain the system. Should they be successful in acquiring new premises, they will hire additional staff, a minimum of 2 additional receptionists and 3 physical therapists.
The following is a simple use case diagram that the company have drawn illustrating what they think the new system should do.
Security Analysis
Since this is a very preliminary proposal, you have been given the job of designing the high-level architecture of the system. Before you can design a solution, you need to conduct a high-level security analysis of the proposed system. You should feel free to make assumptions about the system; however these should be explicitly stated in your answer.
Start by scoping your analysis, outline a technical architecture that satisfies these functional requirements, and analyse the proposed system to identify the most significant assets and security needs. Without conducting a detailed risk analysis, summarise what you think are the most important risks to this system. Your answer should include views of different stake- holders in the system, and if any of these are in conflict, a discussion about which of them should prevail.
The results of your analysis should clearly identify the areas of the system that are most in need of security.
Security Design
Based on your analysis of the security requirements of the proposed system, devise a realistic and cost-effective defensive strategy. This should include the high-level security architecture of the system and general policy specification for the operation of that system.
Finally, justify your decisions, arguing for the cost-effectiveness of your design.
Assessment criteria
The assessment is intended to judge the extent to which you can:
• apply a security design process,
• identify security requirements,
• specify a cost-effective solution to security requirements, and
• reason critically about security design.