A fictional organization that manufactures medical equipment (feel free to choose your own name for the organization) is soliciting bids to hire someone to conduct a top-to-bottom Computer and Network security audit and to develop policy to enhance their Computer and Network security posture. You are charged with writing a proposal so your company can bid on and hopefully win the contract to conduct the security audit. This paper should be written as a proposal to win the contract to conduct the Computer and Network security audit. The proposal should contain specific details of different Computer and Network topics/security topics, the risks of those topics, what you propose to audit as well as your thoughts/philosophies on “hardening” the Computer and Network security posture of this medical equipment company. Medical equipment company background.
1. This company manufactures medical testing equipment such as X-Ray, MRI and CAT scan machines. They also manufacture lab testing equipment which is used to determine the status of patient samples.
2. In order to test their equipment the company regularly receives sample patient data
3. The company has offices across the United States with main offices in New York City and San Francisco as well as branch offices in Chicago and Seattle. Here is what each office does: NYC – Headquarters, Finance & Marketing, IT San Francisco – Manufacturing, IT Chicago – Client support Seattle – All back office functions, i.e. accounting, HR, etc…
4. The New York City and San Francisco offices have data centers
5. As they manufacture medical equipment the company frequently interacts with Hospitals, Doctors, Insurance companies and City, State and Federal governmental agencies.
6. Being in the medical field they are very concerned about Computer and Network security. As a result they are soliciting proposals from vendors to come in and perform a top-to-bottom computer and network security audit as well as to develop and provide policy around computer and network security