Scribd Logo
Upload

Welcome to Scribd!

  • Review 3 Iss

    Uploaded by

    gunda pavan
    11 views4 pages

    Original Title

    REVIEW 3 ISS

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views4 pages

    Review 3 Iss

    Uploaded by

    gunda pavan

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Name: G.

    satyapavankuar
    Reg_No:19MIS1126
    Course: Information and System
    Security
    Course Code: SWE3002
    Slot: C2+TC2
    Faculty: Rajesh Kumar Sir
    REVIEW-3
    Bioterrorism and Biosecurity
    Security and Privacy Requirements
    for Remote Servicing

    Security Problem:
    Remote access is a growing need for many businesses. It allows
    mobile workers or remote staff to access office systems and
    processes via the internet from remote locations. Despite its
    many benefits, remote access can expose your business to risks.
    You will have to manage these risks to keep your remote access
    secure at all times. Otherwise, your network may become
    vulnerable and your business data exposed.
    Remote access issues
    Remote working relies on the exchange of business data or services
    outside of the corporate infrastructure, typically over the internet. It can
    be achieved through a variety of client devices, including many that are
    outside the organisation's control.
    The remote environment in which these devices are used may also pose
    risks. For example, security concerns may exist around:

     lack of physical security controls - creating a risk of device loss or


    theft
     eavesdropping - as the information travels over the public internet
     unauthorised access to systems or data - perhaps overlooking the
    screen
     monitoring and manipulation of data - if someone gains access to
    the device
    You can adapt most of the common cyber security measures to meet the
    unique challenges of remote access security.

    Remote access security measures


    Some specific recommended actions for securing your remote access
    include:

     encrypting data to prevent theft


     using strong firewall and security software
     using two-tier authentication (eg first with a password and then
    with a token)
     restricting access to unauthorised users
     allowing access to legitimate users but limiting to the minimum
    services and functions required
     reviewing server logs to monitor remote access and any unusual
    activity
     deleting remote access privileges once they are not needed
     testing system regularly for vulnerabilities
     keeping firewall and remote access software patched and up-to-
    date

    Remote Servicing Security and Privacy


    Regardless of whether the servicing staff is present at the modality or
    located in a RSC, the same
    level of security and privacy is required and can be realized. Although the
    general goals for data
    security and privacy – availability, confidentiality, and integrity – are
    unchanged the measures to be
    taken to realize them differ when performing remote servicing

    Establishing the Connection


    This must be accomplished by the customer first identifying and then
    authenticating the
    claimed identity of the RSC that is attempting to connect with the
    customer’s equipment before access
    is granted to its facilities, its network, or the vendor system. Health care
    facilities do not need to
    individually identify and authenticate RSC service technicians themselves
    because they would already
    have been identified and authenticated by vendor IT at the RSC

    Secure Data Transfer:


    There are two ways to provide the
    required protection: physical protection of the communication channel
    itself or encryption of the data.
    If communication lines cannot be protected by physical means, then
    many encryption technologies,
    e.g., VPN, IP-Sec, SSL, application-level encryption, are available to
    protect data confidentiality (and,
    incidentally, its integrity).

    The encryption technique chosen must be adequate to protect against


    known and anticipated threats.

    SOLUTIONS:
     The most important would be that maintenance or repair response
    times could be reduced, and availability of equipment increased.
    Additionally, remote servicing could result in lower costs for
    customers since on-site maintenance visits would be reduced.
    Furthermore, innovative services could be offered, e.g., scheduled
    preemptive maintenance to avoid unplanned accidental downtime.

     Protecting personal health care information has always been


    important to healthcare facilities and vendors.
     As health care is extending into the information age we all must
    examine and improve our privacy enforcing policies, procedures, and
    technologies.
    The example of remote servicing shows that
    as a pre-requisite both parties, the health care facility and the vendor,
    have to secure their local
    networks. Together with the remote servicing architecture presented
    herein vendors and healthcare
    facilities can provide a secure capability for customer-oriented servicing.
    Eventually this innovative
    servicing can be conducted at the same level of security and privacy as if
    the servicing staff were
    physically present on-site.

    You might also like