Engineering Homework Help

Case Study Scenario: You are a cybersecurity analyst working at a prominent regional hospital. On Monday morning, the organization’s technology help desk received a call from Dr. John Beard, a long-time resident physician. Dr. Beard called them to report that his company laptop was stolen from his car after he stopped to work out at a local gym on his way home from the office. A representative from the help desk informed you of the theft and also mentioned that Dr. Beard stated that his laptop case contained a USB thumb drive that he purchased to “back up” important patient files he saved onto his laptop. Dr. Beard also revealed that his daily planner “might have” been in the bag, and that the planner had his hospital computer user name and password written on the back cover. Prior to ending the call, Dr. Beard told the representative that he would call her back if his daily planner turned up. As your conversation with the help desk representative wound down, she commented that Dr. Beard had many different computer “issues” that keep her team busy. She recalled talking to Dr. Beard about the hospital’s policy against accessing patient files remotely, and his annoyance with her inability to help him “get work done” while away from the hospital. And just a week ago, a junior member of her team completed a service ticket to reconfigure Dr. Beard’s laptop to grant him administrative rights. The service request stuck out because it did not have a “reason” indicated (a company policy requirement), but was still approved by James Davis, the hospital’s senior system administrator and close personal friend of Dr. Beard. 

Prompt:  After reading the scenario above, complete the Fundamental Security Design Principles mapping table in the Case Study Template and answer the short response questions. 

Specifically, you must address the critical elements listed below: I. Fundamental Security Design Principles Mapping: Fill in the table in the Module Two Case Study Template by completing the following steps for each control recommendation: A. Specify which Fundamental Security Design Principle best applies by marking all appropriate cells with an X. B. Indicate which security objective (confidentiality, availability, or integrity) best reflects your selected control recommendation. C. Explain your choices in one to two sentences, providing a selection-specific justification to support your decision. II. Short Response Questions: A. How might you work with someone like Dr. Beard to cultivate a security mind-set that is more in line with the organization’s ethical norms? Hint: Consider his attitude, his past behaviors, and his opinion about organizational policies. B. How would you help the hospital better secure its patient files? Make sure to incorporate at least one data state (data-at-rest, data-in-use, or data-in-motion) and one of the control recommendations from your completed table in your response.