Discuss the following, supplying citations to support any information that you provide.  Do not include your opinion, only what you can support with a citation.  Address the following topics.

1. What is malware? 
   1. Discuss at least five types, describing each.
   2. Discuss what they are and what they do.
   3. Discuss a notable instance of each type
2. What impact can malware have on an organization
3. How can an organization reduce risks associated with malware?  (Hint: talk about appropriate types of policies, procedures, and the use of technology)
4. What is software piracy or license violations?
   1. What can an organization do to avoid it?
   2. What are the potential consequences of it?
   3. What relationship does it have with malware?

For all writing assignments ensure that you do the following:

• Write 1000 to 1500 words in APA format.
• Utilize at least five scholarly references. 
• Note that scholarly references do not include Wikipedia, .COM websites, blogs, or other non-peer reviewed sources. 
• Utilize Google Scholar and/or the university library. 
• Do not copy and paste bulleted lists.  Instead, read the material and in your words, describe the recommendation citing the source. 
• Review the rubric to see how you will be graded.
• Plagiarism will result in a zero for the assignment. 
• The second instance of plagiarism will result in your failure of this class.
• If you use a source, cite it.  If you do not, it is plagiarism.

Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.

Your client is Health Coverage Associates, a health insurance exchange in California and a healthcare covered entity. The Patient Protection and Affordable Care Act (ACA) enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

• A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client protected health information (PHI) that allowed access to PHI stored within the database
• An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized to have access to the PHI
• An unauthorized access to client accounts through cracking of weak passwords via the company’s website login

Health Coverage Associates would like you to develop a security management plan that would address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur. 

Write a 1- to 2-page high-level executive summary of the legal and regulatory compliance requirements for Health Coverage Associates executives. The summary should provide

• Accurate information on the HIPAA requirements for securing PHI
• FISMA and HIPAA requirements for a security plan
• Scope of the work you will perform to meet the Health Coverage Associates’ requests

Compile a 1-to 2-page list of at least 10 of the CIS controls that provide key alignment with the administrative (policies), physical (secured facilities), and technical safeguards required under HIPAA to protect against the attacks listed above. Include corresponding NIST controls mapped to the selected CIS controls.

Write a 1- to 2-page concise outline of the contents of the security management plan. Include

• Policies Health Coverage Associates will need to manage, protect, and provide access to PHI
• The recommended risk management framework Health Coverage Associates should adopt
• Key elements Health Coverage Associates should include in its plan of actions and milestones

Cite all sources using APA guidelines.

Objective

———————

Through this real-world project you will design a secure, scalable, and responsive database security plan and requirements definition document for a system of your choice. Your chief security officer has given you the assignment of defining, developing, and documenting a database security policy and plan for your databases. This document shall define who is responsible for security in your organization and what authority is granted to that person in the advent of a security breach. Additionally, policies and procedures should be defined and documented that outline the daily administrative tasks, definition of security rules and methods, and the enforcement of those rules. Your job is not to implement the requirements but to define what the requirements are and to document them. While working on your project, assume the roles of the chief security officer, database designer, database administrator, and chief applications designer.

Part 1: Project Identification and Business Environment —

Address the following topics as they apply to your policy:

1. Establish authorities and responsibilities for database security management.
2. Develop operational and incident management procedures when security breaches are discovered.
3. Define personnel and procedures for daily administration and maintenance of security policies.

Part 2: Architecture and Operating System Considerations — 

Address the following topics as they apply to your policy:

1. Define the architecture for your system. Does it use client server, web, or application servers? Given the architecture, elaborate on what methods will be used in your database to support this architecture. Consider the following elements in the formulation of your policy:
   • Integration of DBMS security with client applications and operating systems
   • Integration of DBMS security with network operations
   • Integration of DBMS security with server operating systems
   • Integration of DBMS security with web servers and application servers
2. Define requirements as they relate to database security. This includes, but is not limited to: connection pooling, proxies, application roles, file permissions, privileged accounts, password requirements, and other methods appropriate to your selection.

Part 3: User Accounts and Password Administration — 

Address the following topics as they apply to your policy:

1. User administration
2. Password policies
3. Profile definitions and assignments. What is the criterion for assignment of a profile to an account?

Part 4: Privileges and Roles — 

Address the following topics as they apply to your policy.

1. Security model selection
2. Roles, including privileged roles assignment and administration and role policies
3. System privileges
4. Object privileges

Part 5: Database Security Operations — 

Address the following topics as they apply to your policy

1. Requirements and methodology for database logging
2. Requirements and methodology for activity auditing

Part 6: Data Isolation Policies — 

Address the following topics as they apply to your policy:

1. Requirements for data isolation
2. Database views
3. Database triggers
4. Database stored procedures

Part 7: Physical Environment for Secured Databases — 

Address the following topics as they apply to your policy:

1. Use of physical security and control mechanisms systems
2. Database backup and restore practices relating to security

Part 8: Conclusion, Summary, and References — 

1. Develop a summary and conclusion for your paper
2. Cite your references

How it will be graded VVVVVVVVVVVVV

  For the case study identify 2 key problems and identify the risk factors.   From this analysis determine the root cause.  You must support your response and provide a thorough understanding of your rationale in your root cause analysis.  grade is based on the development of the RCA for your case study.

Refer to the database design crested in Lab 2: Modifying a Database Design to complete this Lab.

Perform the following steps in MySQL or MS Access:

1. Create the tables and relationships from the database design discussed in Lab 2.
2. Add at least five records into each table (Note: You must determine the field values).
3. Create a query with all fields from the student table, where the student’s last name is “Smith.”
4. Create a query that includes students’ first names, last names, and phone numbers.
5. Create a query that includes instructors’ first names, last names, and courses they teach.