
Question 1: Read the following case study and suggest security measures required to be taken for the following categories:

  1. Network Infrastructure Security
  2. Data Security
  3. Application Security
  4. Communication Security

Case Study

A hospital is using a computing environment to provide its patients and staff the facility of automation of different business processes. There are 40 doctors, 100 nurses and paramedical staff. 100 to 200 patients come daily to the hospital's OPD (outpatient department). On average there are 1200 admitted patients.

The hospital has three local area networks: one is wire-based and two are wireless networks. There are 100 desktop and laptop computers connected to the wire-based network. One of the wireless networks, with SSID staff, is for doctors and staff of the hospital to connect their smart devices to. The other wireless network is public and is openly available for the general public to use. There are three access points and 5 switches in this network.

The hospital is running three software applications: a hospital MIS for registration of patients and for maintaining staff duty information. Each doctor is provided with software called EMR (Electronic Medical Record Keeping system), a desktop application for storage of patient appointments, their symptoms and treatment information. There is a hospital website published on a remote machine, which is accessible to patients and doctors on a membership basis. Each of these applications uses databases. The MIS has a database located on a machine which is configured on the LAN of the hospital. Each EMR application maintains its own database, which is available on every doctor's machine. The hospital website uses a database which is configured on the machine on which the website is published. There is synchronization software which synchronizes data from the EMR database to the MIS database. It works through the TCP/IP protocol stack using customized TCP-based client and server applications.

Patients' personal information, like patient name, date of birth, social security number, patient disease, patient treatment and medication, is required to be kept confidential from the public. Doctors' personal information and contact numbers are required to be kept confidential. Also, patient appointment information should be visible only to doctors and paramedical staff, not to anyone else.

NOTE: DO NOT, I REPEAT, DO NOT COPY IT FROM OTHER CHEGG ANSWER AND/OR FROM INTERNET. IN CASE YOU DO IT, I'LL REPORT YOUR ACCOUNT TO CHEGG AND GET IT PERMANENTLY BANNED.
