Assignment 5
Bene Gesserit Urgent Care (BGUC) plans to continue using the Sherwood Applied Business
Security Architecture (SABSA) framework, which focuses on connecting each security function to a
business goal, to drive the development of its employee and patient portals. The BGUC logical security
architecture described the key documentation, security controls and processes, and entities and their
attributes that will be used to achieve the security principles created in the conceptual security layer.
This physical architecture outlines how the concepts described in the logical security layer can be turned
into a real-life construction (Sherwood et al., 2009).
Security Mechanisms
Security mechanisms are the physical ways that the previously established logical security
services will be implemented (Sherwood et al., 2005). The following security mechanisms are
recommended given BGUC’s previously proposed security services:
(1) Access Control Lists (ACLs): Specify who has access to what information and what they can do
with that access, based upon the person's role and job duties. Access will be provided
on a need-to-know basis in order to fulfill job functions (Brooks, 2023).
(2) Data encryption (at rest and in transit): Encryption makes it more difficult for attackers to decipher
information in the event they ever gain access to BGUC’s data. BGUC should encrypt any
protected health information (PHI), electronic PHI, personal and sensitive information, and
payment information (Lord, 2020), and its devices that will have access to such information, such
as laptops and medical software (Sarkar, 2023).
(3) Physical Access Controls to Data Servers: Entry into the room with BGUC’s servers and key
hardware will require the correct access credentials. Credentials will only be granted to those
who have a need to access such assets. Third party access to these systems will require the
presence of an authorized employee (IBM, n.d.).
(4) Hashing: Hash functions, such as SHA-1, SHA-2 or SHA-256 (CISA, 2021), will be used to protect message
integrity, authenticate messages, and protect and maintain the integrity of stored data
(Sherwood et al., 2005).
(5) Digital Signatures: Used to help ensure the authenticity and integrity of data. They will require the use
of hashing and asymmetric encryption in order to encrypt and decrypt messages (CISA, 2021).
(6) Virus & Malware Scanning: BGUC will implement antivirus and antimalware software. This
software will help protect against viruses and malware and identify, remove, and/or stop malicious
activity (Panda Security, 2020). Virus and malware scanning will be performed on an ongoing
basis.
(7) Public Key Encryption (also known as asymmetric encryption): Requires setting up a public key and
a private key. This will be used for most data transfers and sharing as it provides confidentiality,
authenticity, and non-repudiation (Gluttony777, 2023).
(8) Private Key Encryption: Only requires the set-up of a private key. This will be used only for larger
transfers of data and only with internally pre-approved recipients because it only accounts for
confidentiality (Gluttony777, 2023).
(9) Passwords: Each user will be required to have a password to log in to the portal. Passwords
must meet the dictated criteria, which will include, at minimum, a minimum password length,
inability to use common phrases/words, and the inclusion of at least one special character,
one capital letter, one lowercase letter, and one number.
(10) Authentication Protocols: Authentication exchange protocols and authentication server systems
(e.g., multi-factor authentication) will be required to authenticate the entity requesting the
information (Sherwood et al., 2005).
(11) Asset Removal/Disposal/Reuse: Assets will be removed off-site only when they are at end-of-life
and/or no longer function properly. Appropriate purge processes, such as NIST
800-88, will be followed prior to the reuse or disposal of any BGUC equipment or assets (IBM,
n.d.).
(12) Training: Provided to teach employees how to best identify and disclose potential security
issues to the cyber security team. To be updated and completed no less than once per year.
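Item (4) above assigns hashing two jobs: protecting the integrity of stored data and authenticating messages. The following Python sketch is an added example, not part of the original assignment; it uses SHA-256 for the stored-data check and HMAC-SHA-256 (a keyed hash, chosen here as one way to authenticate a message with a shared key) for the message check. The record, key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample record and key; a real key would come from a key store.
RECORD = b"patient_id=1001;allergy=penicillin"
SHARED_KEY = b"constructed-demo-key"


def sha256_digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest of the data."""
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, reference: str) -> bool:
    """Integrity check against a reference digest kept apart from the data."""
    return hmac.compare_digest(sha256_digest(data), reference)


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256 tag: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    altered = RECORD.replace(b"penicillin", b"none")
    reference = sha256_digest(RECORD)   # stored separately from the record
    tag = make_tag(SHARED_KEY, RECORD)  # travels with the message
    return {
        "stored_intact": digest_matches(RECORD, reference),
        "stored_altered": digest_matches(altered, reference),
        # A digest that travels with the data can be recomputed by anyone,
        # so it shows consistency, not who wrote the message.
        "bare_digest_accepts_altered": digest_matches(altered, sha256_digest(altered)),
        "hmac_intact": verify_tag(SHARED_KEY, RECORD, tag),
        "hmac_altered": verify_tag(SHARED_KEY, altered, tag),
        "hmac_wrong_key": verify_tag(b"some-other-key", RECORD, tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The unkeyed digest is only useful when the reference value is kept where the writer of the data cannot change it; the keyed tag is what ties a message to a key holder.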
https://www.digitalguardian.com/blog/what-file-security-best-practices-tools-security
Chipeta, C. (2023, October 13). How to perform a cybersecurity audit: a 3-step guide. UpGuard.
https://www.upguard.com/blog/how-to-perform-a-cybersecurity-audit
Cranford, J. (2023, July 7). Incident response plan: frameworks and steps. Crowdstrike.
https://www.crowdstrike.com/cybersecurity-101/incident-response/incident-response-steps/
Cybersecurity & Infrastructure Security Agency (CISA). (2021, February 1). Understanding digital
signatures.
https://www.cisa.gov/news-events/news/understanding-digital-signatures#:~:text=What%20is%20a%20digital%20signature,%2C%20or%20a%20digital%20document).
https://www.ibm.com/cloud/architecture/architectures/physical-security-arch
Imprivata. (2023, November 27). Enhancing cybersecurity: why third-party access management is needed
https://www.imprivata.com/blog/enhancing-cybersecurity-why-third-party-access-management-needed-now-more-ever
Lord, N. (2020, September 17). Healthcare cybersecurity: tips for securing private health data. Digital
Guardian.
https://www.digitalguardian.com/blog/healthcare-cybersecurity-tips-securing-private-health-dat
Gluttony777. (2023, May 22). Difference between symmetric and asymmetric key encryption. Geeks for
Geeks.
https://www.geeksforgeeks.org/difference-between-symmetric-and-asymmetric-key-encryption
Office of the National Coordinator for Health Information Technology. (n.d.). What is an
https://www.healthit.gov/faq/what-electronic-health-record-ehr
Panda Security. (2020, August 9). Difference between antivirus and antimalware + do I need both?
https://www.pandasecurity.com/en/mediacenter/difference-between-antivirus-antimalware/
Sarkar, S. (2023). 8 ways to maintain better healthcare information security. Select Hub.
https://www.selecthub.com/medical-software/ehr/5-ways-maintain-healthcare-information-security/?amp=1
Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture. Focal Press.
Sherwood, J., Clark, A., & Lynas, D. (2009). Enterprise Security Architecture [White Paper]. SABSA
Institute.
https://sabsacourses.com/wp-content/uploads/2021/02/TSI-W100-SABSA-White-Paper.pdf
Suszterova, S. (2023, March 7). Physical Data Model vs. Logical Data Model. GoodData.
https://www.gooddata.com/blog/physical-vs-logical-data-model/