Risk Assessment Report Of The Assessment


The DIRD division is to collaborate with the other members of the CDC programs in order to come up with various innovative technologies to be utilized in positively impacting health practices on both a short-term and a long-term basis (CDC, 2010). The Public Health Informatics and Technology Program relies on various technologies in achieving its objectives. The underlying characteristic of these technologies is that they are client/server in their architecture and are meant to aid in the handling of various forms of information within the CDC as well as externally between the CDC and its partners.

System users

The major users of the Public Health Informatics and Technology Program's IT system are the various CDC personnel scattered across its global offices. However, other stakeholders also have access to the system. The table below lists the system users along with their details and responsibilities.

Table 1 Public Health Informatics and Technology Program's IT system Users

| User Category | Access Level (Read / Write / Full) | Number (Approximate) | Organization | Geographic Location |
|---|---|---|---|---|
| Developers | Read/Write | 20 | CDC (DIRD) | Atlanta |
| CDC personnel | Varied access | | CDC | CDC offices |
| Stakeholders | Read | 12 | ACF, DOE etc. | Nationwide |

System Dependencies

The system has various dependencies. The dependencies are telecommunication/Information Technology (IT) resources upon which the operations of the system under review are dependent in order to process, transport and to store information. The intricate relationship that exists between the various system components is crucial in order to ensure a seamless achievement of the basic Information Assurance tenets. Below is a list of the various CDC IT resources.

Policies governing CDC Enterprises

CDC's Enterprise Mid-Tier Data Center

CDC Network Infrastructure, comprising:

Information Technology Services Office's (ITSO) Local Area Networks (LANs)

Atlanta Metropolitan Area Network (AMAN)

CDC's Wide Area Network

Internet Connectivity

Technical Vulnerability Scanning Service

DMZ Connectivity

CDC Enterprise Windows Domain and the Active Directory Environment

CDC Enterprise Security Services, which include:

CDC's Border Firewall

RSA SecurID Authentication System

CDC's Border Router Access Control Lists

E-Mail Gateway Virus Scanning and Attachment Removal

Network-Based Intrusion Detection Systems

CDC Enterprise Mainframe

Protection Requirements

Both information and information systems have distinct life cycles. It is important that the degree of sensitivity of information be assessed by considering the requirements for the C/I/A of the information: the need for system data to be kept confidential; the need for the data processed by the system to be accurate, and the need for the system to be available. Confidentiality focuses on the impact of disclosure of system data to unauthorized personnel. Integrity addresses the impact that could be expected should system data be modified or destroyed. Availability relates to the impact to the organization should use of the system be denied.

The protection environment results

Confidentiality: The Public Health Informatics and Technology Program's Information Technology (IT) infrastructure contains information that is very sensitive since it holds identity information for various people who participate in CDC's surveys. There is therefore a need for the data to be protected against unauthorized disclosure. In case this data leaks to the general public, there would be a drastic loss in the...

...

The consequences could be great in terms of embarrassment and legal actions against the CDC.
It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Integrity: The Public Health Informatics and Technology Program's Information Technology (IT) infrastructure collects and processes various health and nutritional data gathered annually from carefully selected representative samples of the general U.S. population. Since the information obtained depends on the accuracy of the data collected, a modification of either the data or the final information would adversely affect the quality and accuracy of the survey results.

It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Availability: If the Health Informatics and Technology Program's Information Technology (IT) infrastructure were to remain unavailable for a relatively short period of time, the immediate effects of the interruption would be felt in the overall efficiency of the system's operation.

It is therefore prudent to gauge the level of adverse effects that could result from unauthorized disclosure of sensitive information contained in the IT infrastructure. The level could be expected to be:

Limited

Serious

Severe

With a rating of:

Low

Moderate

High

Threat statement

The threat statement, as outlined in NIST SP 800-30, describes the methods of threat identification, the sources of threat and the actions to be taken in order to carry out the assessment process.

The definitions are as follows:

Threat -- The potential for a particular threat source to exploit a vulnerability.

Threat source -- This is the event or circumstance that has the potential to harm an IT system. There are various sources of threats, which can be attributed to human, environmental and natural sources.

Threat Action -- This is the technique through which the attack on a particular system is perpetrated. Examples include intrusion, hacking, denial-of-service attacks, spoofing etc.

Threat Source -- Any circumstance or event with the potential to cause harm to an IT system. The common threat sources can be natural, human or environmental.

Threat Action -- The method by which an attack might be carried out (e.g., hacking, system intrusion).

References

CDC (2010). Public Health Informatics and Technology Program Office: Informatics Research and Development.
http://www.cdc.gov/osels/ph_informatics_technology/informatics_research_development.html

Chambers & Thomson (2004). Vulnerability Disclosure Framework.
http://www.dhs.gov/xlibrary/assets/vdwgreport.pdf
http://csrc.nist.gov/groups/SMA/fasp/documents/risk_mgmt/RAR_Template_07112007.doc
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
http://www.praxiom.com/iso-27001-definitions.htm


Cite this Document:

"Risk Assessment Report Of The" (2010, July 28) Retrieved April 24, 2024, from
https://www.paperdue.com/essay/risk-assessment-report-of-the-9412

