Original file attached. Comments below are to fix the original, sections 1-3.
Overview for Vendors
Insert paragraph here
Arlecia, this paragraph can be shorter rather than longer – it is just laying the groundwork. By the way, it is not supposed to address a Key Management Plan. It should address this:
Discuss the types of data that may be stored in the system, and discuss the importance of keeping this data secure. Include this information in the RFP.
If you think about the earlier work you did on the Superior Health Care, and the types of data found in an Electronic Records management system, that should help provide context for this section. Data like: patient monitoring data, billing data, medical charts and other nurse type data, diagnosis and other doctor type data, embedded medical device data (e.g. highly sensitive and life-supporting real-time data), and so on.
Access Log and Context
Insert Paragraphs Here
Arlecia, the reference for this section says to provide context for the vendors to understand what our Relational Database Management System is:
It is important to understand the vulnerability of a relational database management system (RDBMS). To that end, read about security concerns common to all RDBMSs. Then, provide the security concepts and concerns for databases. As a standard, the database with the information for medical personnel and emergency responders needs to identify at least three, no more than five, security assurance and security functional requirements of the database. Include this in the RFP.
I believe we should use “MySQL”, which is a type of database. Think of things like enforcing Role Based Access Control on database tables and views. Also read the “Database Defensive Measures” section below for some context. Also use this reference to help you form ideas for this section: http://www.sciencedirect.com/science/article/pii/S…
Vendor Security Standards
Insert Paragraphs Here
Arlecia, the instructions for this section state to:
Address the concepts and issues with respect to disasters and disaster recovery, mission continuity, threats, and cyberattacks. Include this in the RFP.
Try this reference to help (see slide #8 and focus on evaluation assurance levels one through four): https://umuc.equella.ecollege.com/file/6aa8bfb8-70…