For this paper, you will compile the request for proposal (RFP) for a secure health care database management system.
The deliverable is a request for proposal (RFP) of about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format.
Step 1: Overview for Vendors
· Conduct independent research on hospital database management. Think about the hospital’s different organizational needs. What departments or individuals will use the relational database management system (RDBMS), and for what purposes?
· Provide an overview with the types of data that may be stored in the system and the importance of keeping these data secure. Include this information in the RFP.
After the overview is complete, move to the next step to provide context for the vendors with an overview of needs.
Step 2: Provide Context for the Work
· Give guidance to the vendors by explaining the attributes of the database and by describing the environment in which it will operate. Details are important in order for the vendors to provide optimal services.
· It is important to understand the vulnerability of a relational database management system (RDBMS).
· Describe the security concepts and concerns for databases. Identify at least three security assurance and security functional requirements for the database that contains information for medical personnel and emergency responders. Include this information in the RFP. Address the following:
· error handling and information leakage
· insecure handling
· cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws
· SQL injections
· insecure configuration management
· authentication (with a focus on broken authentication)
· access control (with a focus on broken access control)
Step 3: Vendor Security Standards
· Provide a set of internationally recognized standards that competing vendors will incorporate into the database. These standards will also serve as a checklist to measure security performance and security processes. Cover the following:
· database models
· Common Criteria (CC) for information technology security evaluation
· evaluated assurance levels (EALs)
· continuity of service
· Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks.
Step 4: Describe Defense Models
· Explain how enclave computing relates to defensive principles. The network domains should be at different security levels and have different levels of access and different read and write permissions.
· Define enclave computing boundary defense.
· Include enclave firewalls to separate databases and networks.
· Define the different environments you expect the databases to be working in and the security policies applicable.
Step 5: Provide a Requirement Statement for System Structure
Provide requirement statements for a web interface to:
· Allow patients and other health care providers to view, modify, and update the database.
· Allow integrated access across multiple systems.
· Prevent data exfiltration through external media.
State these requirements in the context of the medical database.
Step 6: Operating System Security Components
In this step, you will provide the operating system security components that will support the database and the security protection mechanisms.
· Provide requirements for segmentation by operating system rings to ensure processes do not affect each other.
· Provide one example of a process that could violate the segmentation mechanism. Ensure your requirement statements prevent such a violation from occurring.
Specify requirement statements that include a trusted platform module (TPM), in which a cryptographic key is supplied at the chip level. In those specifications:
· Describe the expected security gain from incorporating TPM.
· Provide requirement statements that adhere to the trusted computing base (TCB) standard.
· Provide examples of components to consider in the TCB.
· Provide requirements of how to ensure protection of these components, such as authentication procedures and malware protection.
Step 7: Requirements for Multiple Independent Levels of Security (MILS)
For this step, you will focus on identification, authentication, and access. Access to the data is accomplished using security concepts and security models that ensure confidentiality and integrity of the data.
· Write requirement statements for MILS for your database in the RFP.
· Include the definitions and stipulations for cybersecurity models, including the Biba Integrity Model, Bell-LaPadula Model, and the Chinese Wall Model.
· Indicate any limitations for the application of these models.
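The three models this step asks you to define, as an added example (not part of the assignment text or any vendor's product): a minimal reference monitor with constructed hospital labels that applies each model's decision rule, and that keeps BLP and Biba on separate labels because stacking them on one label set is a known limitation, collapsing access to objects at exactly the subject's own level.

```python
from dataclasses import dataclass, field

# Constructed ordered lattice of labels (low -> high); the same names serve as
# confidentiality levels for BLP and as integrity levels for Biba.
LEVELS = {"PUBLIC": 0, "STAFF": 1, "CLINICAL": 2, "RESTRICTED": 3}

@dataclass
class Subject:
    clearance: str                      # BLP confidentiality clearance
    integrity: str                      # Biba integrity level
    history: set = field(default_factory=set)  # Chinese Wall: (class, owner) read so far

@dataclass
class Obj:
    classification: str                 # BLP sensitivity label
    integrity: str                      # Biba integrity label
    conflict_class: str = ""            # Chinese Wall conflict-of-interest class
    owner: str = ""                     # Chinese Wall dataset owner

def blp_allows(s, o, op):
    """Bell-LaPadula: no read up (simple security), no write down (*-property)."""
    sc, oc = LEVELS[s.clearance], LEVELS[o.classification]
    return sc >= oc if op == "read" else sc <= oc

def biba_allows(s, o, op):
    """Biba strict integrity: no read down, no write up."""
    si, oi = LEVELS[s.integrity], LEVELS[o.integrity]
    return si <= oi if op == "read" else si >= oi

def chinese_wall_allows(s, o):
    """Chinese Wall: having read one owner's data in a conflict class bars a
    different owner's data in that same class; unrelated classes stay open."""
    return not any(c == o.conflict_class and w != o.owner for c, w in s.history)

def check(s, o, op):
    """Reference monitor: grant only if every applicable model agrees, then
    record the read so later Chinese Wall decisions see it."""
    ok = blp_allows(s, o, op) and biba_allows(s, o, op)
    if ok and o.conflict_class:
        ok = chinese_wall_allows(s, o)
        if ok and op == "read":
            s.history.add((o.conflict_class, o.owner))
    return ok
```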
Step 8: Include Access Control Concepts, Capabilities
· In this step, you will focus on access control. The vendor will need to demonstrate capabilities to enforce identification, authentication, access, and authorization to the database management systems.
Step 9: Test Plan Requirements
Here, you will define test plan requirements for vendors.
· Incorporate a short paragraph requiring the vendor to propose a test plan after reviewing these guidelines for a test and remediation results (TPRR) report.
Provide requirements for the vendor to supply an approximate timeline for the delivery of technology.