Provide an Overview for Vendors
Provide vendors with an overview of your organization
Identify which departments or individuals will use the Security Concerns Common to All RDBMS, and for what purposes
Include the types of data that may be stored in the system and the importance of keeping these data secure
Provide Context for the Work
Explain the attributes of the database and describe the environment in which it will operate
Describe the security concepts and concerns for databases
Identify at least three security assurance and security functional requirements for the database that contains information for medical personnel and emergency responders
Provide Vendor Security Standards
Provide a set of internationally recognized standards that competing vendors will incorporate into the database
Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks
Describe Defense Models
Define the use of defense models
Provide requirements in the RFP for the vendor to state its overall strategy for defensive principles
Explain the importance of understanding these principles
Explain how enclave computing relates to defensive principles
Define enclave computing boundary defense, including enclave firewalls to separate databases and networks
Define the different environments you expect the databases to be working in and the security policies applicable
Overview of Organization
Our organization is a medical center that provides a variety of services, including emergency care, inpatient and outpatient surgery, and diagnostic imaging. We have a team of highly skilled medical professionals who are committed to providing our patients with the best possible care.
Security Concerns Common to All RDBMS
The following are some of the security concerns common to all relational database management systems (RDBMS):
Types of Data Stored
The database will store a variety of data, including:
Importance of Keeping Data Secure
The data stored in the database is confidential and sensitive. It is important to keep this data secure to protect the privacy of our patients and to prevent unauthorized access.
Context for the Work
The database will be used by a variety of departments and individuals, including:
The database will be used to store, retrieve, and analyze data related to patient care, emergency response, financial management, and human resources.
Security Concepts and Concerns for Databases
The following are some of the security concepts and concerns for databases:
Security Assurance and Security Functional Requirements
The following are three security assurance and security functional requirements for the database:
Vendor Security Standards
The vendor must meet the following internationally recognized standards for database security:
Disasters and Disaster Recovery
The database must be designed to withstand disasters, such as natural disasters or cyberattacks. The vendor must have a disaster recovery plan in place to restore the database in the event of a disaster.
Mission Continuity
The database must be available 24/7 to support the mission-critical operations of our organization. The vendor must have a business continuity plan in place to ensure that the database is available in the event of an outage.
Threats and Cyberattacks
The database must be protected from threats and cyberattacks. The vendor must have a security plan in place to protect the database from these threats.
Defense Models
The vendor must use a defense-in-depth approach to security. This means using a layered approach to security that includes physical security, logical security, and data encryption.
Overall Strategy for Defensive Principles
The vendor must have an overall strategy for defensive principles. This strategy should include the following:
Importance of Understanding These Principles
It is important to understand the security principles that are used to protect databases. This understanding will help to ensure that the database is properly protected from unauthorized access, modification, or destruction.