Need A Trustworthy Cryptography and Network Security Assignment Help Online? Hire Online Tutor Now!

Home   Course  
Previous << || >> Next


CI7300 - Data Management and Governance - Kingston University London

Section A: Cryptography

Question: A small private healthcare organization has contracted you to investigate the requirements of encryption in their information systems and to develop a robust policy for its use. Write a formal report outlining your findings and presenting your recommendations.




In this report, we will discuss the need for cryptography in a small private health care organization. As the system is online in most of the organization, most of the company's data is online and the risk of theft of the data is also increasing. Many hackers are trying to break into the system constantly as they want to access the crucial information of the organization to defeat it in the market. So the need for data security is very crucial and on a priority list in a firm. Billions of dollars' worth money are stolen or in loss throughout the world in a year due to cyber-attacks in the organization. Cryptography is one of the methods to secure the data on the server so that anyone could not access the important data of the organization. The two vulnerable points in a system for cyber-attacks are an easy method to sign in the system and the poor architecture of the database structure of the company. In a health care organization, they mainly store the personal details of the patient, medical history of the data, hospital staff details, and their daily tasks and working hours, stocks and the inventory, report of the clinical research and lab tests, etc. Cryptography is a method that allows data to be encrypted using different mathematical logic. This method provides assurance to the owner of the firm of its data security as if someone able to access the database or server he cannot fully acknowledge the data file as it is encrypted with mathematical logic. It means one cannot understand what it is actually means. Hackers cannot use this information for any purpose. This also provides secure communication between the numbers of people in a network.

Earlier we use papers to register the patient's medical history and other information, but it is very time-consuming and hectic to manage all the records. We need extra space for keeping all the files and there is a constant fear of losing the data as they were in physical form and prone to fire and another natural disaster. This creates a long trail of papers that need extra human labor and time to manage all the data. Now with the computerization in most of the health care sectors they use Electronic Health Records (HER) and Electronic Patient Records (EPR) to store all the patient's information. With the help of these tools we can see all the information regarding the patient in one place like medical history, current treatment, lab test results, medications, treatment plans, allergies, diagnose, etc. It is handled by a trained professional and capable of sharing the information in more than one health care department or provider. This will improve the care of the patient, its participation, diagnostic, cost savings and treatment efficiency of the patient. Cryptography is very necessary for Electronic Health Records (HER) and Electronic Patient Records (EPR) as we sharing this information to many health care providers. This needs to be a safe and secure communication because it is very sensitive data and one can manipulate it and this can lead to the dangerous outcomes for the patients and the health care organization.

Objective of the cryptography for a secure communication:

We use cryptography to achieve different targets; we can summarize it in confidentiality, integrity, and authentication of the data communication.

Using the cryptography method we can create confidentiality of the information stored or transferred. No unauthorized person will able to access the actual information; if somehow he receives the data by the false approach he cannot able to read it as it is encrypted. To access the actual information one will need the right decryption key which is nearly impossible to duplicate.

Cryptography also used to ensure the integrity of the information stored or transferred. Because it is very sensitive information and there will be dangerous outcomes if it changes a little bit from the original content. We use a hashing algorithm and message digest to create 100% assurance of the integrity and accuracy of the data.

We can also use cryptography for user authentication to increase the security of data communication. We can use a digital signature, public key infrastructure, etc. to authenticate the right user.

Architectures for a Cryptographic algorithm for a public health care organization:
There are basically two algorithms used for the secure data transfer over a channel, symmetric and asymmetric algorithms. In symmetric algorithms, we use only a single key for the encryption and the decryption for the data transmission while in the asymmetrical algorithms we use many separate keys for the encryption and the decryption. First, we need to understand thoroughly the health care needs and accordingly we analysis the hardware required for the cryptography. We have many design approaches to implement the required hardware as ASICs (application specific integrated circuits), GPPs (General Purpose Processors) etc. We should design a flexible hardware design that fulfills all the necessary demands of a health care organization.

We can categorize cryptographic architecture in two parts: a) cryptoprocessors B) multi-core crypto processors

Cryptoprocessor works with the system host processor. The host processor commands the crypto processor through a system bus. Cryptoprocessor uses its local memory to store the encryption and decryption key. It is relatively more secure to store the key in local memory than the main memory. The host processor controls the crypto processor and gives it the required information. In a crypto processor, there is an arithmetic logic unit which consists of local memory for data storage and a control unit. Performance of the system depends upon connectivity between the host processor and a crypto processor or co-processor.

In a multi-core crypto processor, there are simultaneous crypto calculations using many cores. This will increase the speed of the system, the programming power of the system and consume low power in calculations. In these systems, there is the main controller and multiple data storage and control units.


Protection of static data and data in transit using the cryptography:
Data in transit means movable data; data can be moved from one location to another location in a network or internet. The security of data in transit is more vulnerable than static or stored data. We have to provide security to the data as it moves from one network to another using cryptography. Static data or data in rest is not constantly moving from one network to another, it is stored in one particular place as in computer hard drive, flash drive or stored by some other methods. It is less vulnerable to attack as compared to data in transit. It has more important and secret information than the data in transit this is why it is more prone to attack by hackers.

Data in transit implies that data is not stored at one place, it is constantly moving across different networks in different locations. Protection of the data in transit means that data should not lose its core value when it travel from one location to another location in different networks or when we move it from the stored memory drive to the online server storage. Data in transit is more vulnerable to the cyber-attackbecause its memory address is keep on changing while it moves across the different networks. Data must be protected in both the states, for this we use encryption of the data. For securing the data in transit we encrypt the data before it moves to the networks, and we also use the encrypted connections between the networks for further security of the data in transit. We use HTTPS (Hyper Text Transfer Protocol Secure), SSL (Secure Sockets Layer), TLS (Transport Layer Security), FTPS (File Transfer Protocol Secure), etc. encrypted channels for the security of data in transit. For securing the data in the static form we have to simply encrypt the data prior to storing or we can encrypt the storage drive too.

NHS (National Health Service) guidance for encryption in health and care organization:
We should always keep in mind the guidelines made by the NHS (National Health Service) for using the encryption in health and care organization. According to the NHS aim of the encryption should be to protect the data in transit and data in rest. First, it should identify the data processed by the organization. Then we have to categorize the data based on the security and the sensitivity. It should be noted that what transmission channel company uses to transmit, store or process the data. Where is it should be the protected the data in transit or static data? Determination of the level of coding needed to safe the data.

The encrypted key is created by the key manager using the cryptographically secure random bit generator, it also stores the key. It carries all the key attributes in the key storage database. the attributes are the name of the key, its activation date, size of the key, an instance of the key, the ability of the key to be nullified, rollover of the key, duplicate copy of the key, accessing of the key, etc. The key manager should keep the record of the current and the past versions of the encrypted key. The key manager should have full control whether the key can be deleted or not, it can be mirrored or not and most importantly who can access the key. The key manager should allow the managing director of the organization to alter the attributes of the key at any time. If a key becomes obsolete or nobody uses it or the access of the encrypted key is in unauthorized hands, the managing director or encryption key generator should have power to nullify the key forever from the encryption data base. He instructs the key manager then he will remove all of its versions and the recovering of the key is nearly impossible only if he has the backup image through which it can be restored. If the key is nullified then the accessed data will be safe forever and it will be impossible to recreate the key for that data.

In the today world, maximum organizations are online and need to have the security of the data is increasing. In this report, we have learned how cryptography works in a health care firm. How the cryptography provides security to the system through the encryption of the data. What are the main objectives of applying cryptography in the system? What are the cryptographic algorithm and architecture used in the health care providing organization? Using cryptography we can secure our static data as well as data in transit. We had also discussed the various criterions for the encryption in the health and care sectors, according to the NHS (National Health Service). This method provides assurance to the owner of the firm of its data security as if someone able to access the database or server he cannot fully acknowledge the data file as it is encrypted with mathematical logic. Basically, in cryptography, we hide the data information so that no one can randomly access the secret information. Cryptography is used in secure payment in the online transition. It is basically used where the security of the data is a top priority. According to the NHS (National Health Service), the encryption of data should be done to protect the data in transit as well as for the static data. First, it needs to process all the data of the hospital and categories it according to its sensitivity and security. It also checks all the transmission channels used for communication and sees their effectiveness against a cyber-attack. The organization must also determine which level of encryption is needed to protect the data as per its sensitivity.


Section B:Data Governance and Identity Theft

Question: Select an identity theft story from the media or from the literature or stories you heard of or experienced. In order to contain the scope of the assignment, it is suggested you focus on two issues for the Health Information Governance.


In this report, we will discuss the case of East Surrey Hospital is an NHS (National Health Service) hospital. It is situated in the white bushes area of Red Hill in the surrey, United Kingdom. It is taken care of by the Surrey and Sussex Healthcare NHS Trust. In September 2010 East Surrey Hospital lost its data of eight hundred patients. According to the East Surrey Hospital, there was a memory stick that is stolen and has the crucial medical information of its eight hundred patients. In the memory drive, patient's personal details including their name, address, patient's date of birth, patient's medical history, medications, operations, assigned doctor, etc. were stored. They found about the missing memory drive in NHS (National Health Service) 2010-11 annual report. The main concern of the data was that it was unencrypted however chief executive of the NHS (National Health Service) Mr. Michal Wilson stated that there is no evidence that data is found and used by someone else. According to the NHS (National Health Service) trust policy, it is mandatory that every staff member of the hospital use encryption of the data related to the patients while communicating with each other.

It is very possible that sensitive and important data of any company can be stolen like in the case of East Surrey Hospital. So one question should arise in front of any company that what possible measures should be taken by the firm to avoid this situation. One answer to this problem can be cryptography. Data can be compromised physically as well as online by hackers. If the data will be encrypted with good mathematical logic, it is of no use to others even they get the data of the firm. Without the encryption key decryption of the data cannot be possible. Another possible solution there should be a backup of the data related to the patients. Surrey and Sussex Healthcare NHS (National Health Service) Trust should make a policy to back up all the files and data of the hospital on a weekly or monthly basis. This back up should also be in the encrypted form. East Surrey Hospital must use secure channels for data transfer. This channel must be dedicated to only the transmission of crucial data of the patients. A hospital must use double encryption in the transfer of the data. Before the transmission of the data, it should be encrypted and the transmission channel should also be encrypted for added security of the sensitive data. To use encrypted connections between the networks we must follow certain protocol like HTTPS (Hyper Text Transfer Protocol Secure), TLS (Transport Layer Security), SSL (Secure Sockets Layer), FTPS (File Transfer Protocol Secure) etc. A hospital should encrypt both types of data, one which is movable between different networks and the one which is stored in one place.

In the same annual report by NHS (National Health Service) it is stated that there was a total of eight hundred and six breaches in the period of July 2008 to July 2011. The law against data theft is weak. Data Protection Act (DPA) 1998 is the only law that protects data theft in an organization. Because this law was introduced in 1998 it has many weak points and it needs to revise. There is no strong action if someone steals the data which may cause a huge loss to the organization. There is no strong provision for punishment if someone steals the data and sells it to the third party for the benefit. Organizations and hospitals must be motivated to disclose the breaches in their data. They must file a report and use the DPA (Data Protection Act) to file a suit against the breach. Also, NHS (National Health Service) employees must be stricter because they have failed to follow the guidelines made by the National Health Service to use the encrypted data related to the patients in the communication. Here the role of the National Health Service is also very important to avoid a data breach in the hospital. National Health Service must be responsible and transparent to the disclosing of the data breach.

The current law of DPA (Data Protection Act) does not demotivate the individual who intended to commit the data theft crime. It must have a clause of custodial punishment as data is an individual firm property and it is also a clear violation of privacy as well. It may cost a huge loss to the firm in terms of monetary as well as emotionally. The only prison sentence is in the violation of section 55 of the DPA (Data Protection Act). This must be included in the majority of the sections to discourage the perpetrators. This provision is also backed by the Justice Select Committee, Information Commissioner's Office, Home Affairs Select Committee, the joint committee on the draft communications data bill.

One other drawback is there is no criminal record maintained against the individual who compromises the data. This will motivate the individual to do the crime again and again after he is acquitted from the trial.

A data breach also happens because of ill training and management by the staff members. It may be possible that a new employee may upload all the data to the open server or mail it to the wrong individual or place memory drive to the wrong place. So the hospital needs to improve its training and management to the staff. It has to make proper guidelines and procedures to handle private information. The firm needs to aware of the staff about their responsibility and the importance of the job and makes strict laws to fail to achieve the desired goal.

The DPA (Data Protection Act) 1998 tells that if you collect any information from any other resources it should be for the "legitimate purposes" and this information should not harm the individual or the organization. There are some drawbacks in his sections which lower its effectiveness to the culprit. Section 55 states about the stolen data and acquiring someone personal information without their consent. Subsection four of the article 55A states that the Information Commissioner's Office will be responsible for imposing the fine on the individual who violates the sections of the DPA (Data Protection Act). The judge cannot fine to the culprit and there is no law for a custodial sentence against the perpetrator. Later the NHS (National Health Service) Surrey fined for two lakh euros when it compromised the data of three thousand patients by selling one of its computers on an e-commerce site. East Surrey Hospital must learned a lesson from this and strictly follow the NHS (National Health Service) guidelines of the encryption of the data

In this report, we have discussed the case of the data theft from the East Surrey Hospital which is supported by the NHS (National Health Service). We have learned that the main reason for data theft is because it did not follow the guideline of the NHS (National Health Service) for the encryption of the data. If the data were encrypted and backed up in the memory drive they can recover the data easily even after the stealing of the memory stick. One other drawback was that there is no strict law for the perpetrators in the DPA (Data Protection Act). There is no serious discouragement for the culprit to not repeat the crime. In many sections, there is no provision for the custodial punishment for the accused. The judge cannot section a fine on the accused; fine must be imposed by the ICO (Information Commissioner's Office) of that organization. This DPA (Data Protection Act) needed to revise on an urgent basis to lower the data theft crime. Law must include the custodial punishment for the accused and a heavy penalty so that all criminals will be discouraged to do this crime. This will cause the hospital a great loss. Its efficiency and way of doing things will be in question. So it will be in his priority list to safeguarding it's patient's information.


Section C: Network Security

Q1. Identify and discuss the specific assets relevant to a typical healthcare network.
Q2. For a subset of critical assets, identify typical threats and assess vulnerabilities.
Q3. Building upon the above, perform a risk analysis for this typical healthcare network.
Q4. Design security controls mitigating the risk as identified. Discuss the strengths and weaknesses of these controls and how they complement each other in an effective secure design.
Q5. On the basis of this formulate an appropriate basic security policy for an organisation in charge of that network.


Networking plays an important role in the effectiveness of working in the health care sectors. It connects various departments and staff across a hospital. Networking used to face complex problems by the staff and users. Healthcare providers can take advantage of the network connectivity, they can monitor the patient in real time with the help of the network, and this will eradicate the frequent visit done by the doctors. Hence cost cutting will be done at the hospital. This way we analyze that the home care facility will be much cheaper if it has the network connectivity with the hospital. If we connect hospital infrastructure to cloud computing it will be very beneficial for the patients as doctors will be able to take the decisions much effectively because they get a live feed of the patient conditions on the evidence-based. This will save crucial time for the patients and the treatment outcome will be effective. By networking, patients conditions can be accessed on real-time data and they can take a good guess what about to happen and be ready for that. So if the patient's health is going to critical they can start treatment before things can get out of hand. We can cut down human labor as well as wastage as we can make decisions based on the data, we can also automate the working schedule. This will save time and make a cost-cutting in the hospital and minimize the human-based error. By networking connectivity of the patients to the health care providers will be improved, hence all the needs of the patient will be fulfilled on a priority basis. Accuracy of treatment and diagnosis will be improved and the doctor can timely examine the patients giving them the best service. Drug creation and management are also done effectively with the help of networking.

There are various assets required for a network based applications to work effectively. We use electronic medical records (EMRs) for feeding the patient information like the patient's name, patient's date of birth, patient's medical history, medications, patient's address, staff member details, staff working schedule, inventory, and sales record, patient's lab tests and reports etc. This way we can manage the health care facility effectively. This will also lower the total cost paid by the patient as well as increase the efficiency of patient care.

But there are some drawbacks for these network systems as they pose significant security threats. Bugs, hackers, Poor handling by the employees, manmade error can impose danger to these network systems. This should be in the top priority list of an organization. Better center management system, cryptography, simple architecture of the database, secure channel for communications, trained employees to handle the system, etc. are some measures that a health care system should take in order to safe and secure network systems. If we follow these methods we can easily prevent a possible cyber-attack easily. A health care system should develop a policy for accessibility of its important data and monitoring of the central control systems. They can set a benchmark for themselves and follow the guidelines religiously. They also keep doing tests and checkups to find out vulnerable points and loopholes in the network systems like physical security. Network providers should also monitor the system after implementing them and find out the potential threats to the system and customize it accordingly. There must be a developed security policy by an expert. These policies should be designed in such a way that it will be followed in step by step basis and we must not able to miss any step as the next step will not do until all previous steps are followed correctly.

Hackers can do the hacking using the packet sniffers as they can access the data which is in the server as username and password. IP spoofing is another technique used by hackers to control a master computer to get access to the network secret information. Defacing is also a major threat in health care providing facilities as it may interchange the data of patients can lead to severe results. Hackers can use the denial of service program (DOS) present on the internet to shut down the network system by using all of its resources on the application, operating system or in the network server. Spamming mail is also a major malware used by the cyber attackers to slow down the network system as they occupy all the vacant space in the memory drive. Hackers use ‘man in the middle attack' to get access to the packets in the network and take control of the network session to access the resources. Viruses, worms, bugs, malware and Trojan horses are global threats to any network-based institution. These are the software's which are secretly hidden with another program to get access to all the stored information in the system. HTTP (Hyper Text Transfer Protocol) attacks are done in transmission communication channels to get access in the network server of an organization. By gaining access to the server then can access all the resources that will be put online.

In this report, we have discussed the various asset required for establishing a network system in a health care providing institution. We have also discussed their vulnerable and strong points. We have seen that what are the possible loopholes in a network system in a health care service and how can we eradicate it to make a strong system. We saw that what are the methods used by the cyber attacker to get access to the private information of an organization.


Acquire our Kingston University London Assignment Help services for its major courses and academic units such as

  • Agile Project Development Assignment Help
  • Modelling Enterprise Architectures Assignment Help
  • Project Dissertation Assignment Help
  • eBusiness Strategy and Implementation Assignment Help
  • Data Management and Governance Assignment Help
Tag This :- EM201983RYA59DBMS, Cryptography and Network Security Assignment Help

get assignment Quote

Assignment Samples

    Business Intelligence Assignment Help

    business intelligence assignment help - Identify and explain different business processes and supporting processes models used at the selected organisation

    Criminology Assignment Help

    criminology assignment help - repressive practices of domination, inequality, and inhumanity found within the structure of power in society.

Get Academic Excellence with Best Skilled Tutor! Order Assignment Now! Submit Assignment