Project 5: Database Security Assessment
Start Here

Modern health care systems incorporate databases for effective and efficient management of patient health care. Databases are vulnerable to cyberattacks and must be designed and built with security controls from the beginning of the life cycle.

Although hardening the database early in the life cycle is better, security is often incorporated after deployment, forcing hospital and health care IT professionals to play catch-up. Database security requirements should be defined at the requirements stage of acquisition and procurement.

System security engineers and other acquisition personnel can effectively assist vendors in building better health care database systems by specifying security requirements up front within the request for proposal (RFP). In this project, you will be developing an RFP for a new medical health care database management system.

Parts of your deliverables will be developed through your learning lab. You will submit the following deliverables for this project:

Deliverables

  • An RFP, about 10 to 12 pages, in the form of a double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations. There is no penalty for using additional pages. Include a minimum of six references. Include a reference list with the report.
  • An MS-Excel spreadsheet with lab results.

There are 11 steps in this project. You will begin with the workplace scenario and continue with Step 1: "Provide an Overview for Vendors."

Competencies

Your work will be evaluated using the competencies listed below.

  • 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
  • 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
  • 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
  • 1.8: Create clear oral messages.
  • 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
  • 2.2: Locate and access sufficient information to investigate the issue or problem.
  • 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
  • 2.4: Consider and analyze information in the context of the issue or problem.
  • 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
  • 4.2: Demonstrate the ability to plan and execute a project, articulating clear objectives and goals for the team.
  • 9.4: Manage and support the acquisition life cycle, including planning, determining specifications, selecting, and procuring information and communications technology (ICT) and cybersecurity products used in the organization's design, development, and maintenance of its infrastructure to minimize potential risks and vulnerabilities.