During my Fall 2017 semester, I took Information Security. The final project for this class involved contacting a local business and conducting a free IT Security Risk Assessment. Once chosen, the group meets with the selected business to ask a bunch of security questions to perform a risk assessment. The answers are then analyzed by the group, and feedback is given to the business on what kind of risks are apparent in their security.
My group's business of choice was Sora Medical Clinic, a small walk-in clinic. They operate by accepting clients without requiring insurance, but fees and such are paid by the client. Upon scheduling a meeting, we came up with a list of questions based on our lectures from the class.
Linked here is the very list (with answers omitted for privacy reasons):
https://drive.google.com/file/d/1J941GwBvj8M-jcaAfCAjlWFyF6DghXJ-/view?usp=sharing
To my group's surprise, the clinic was VERY secure, and had a ready answer to nearly every question. This was due to a reliable security consulting contractor they hired to take care of their security for them, and the strict regulations imposed by HIPAA. When we found out the reasons, it was less surprising.
However, when compared to other groups on presentation day, our business was one of the best prepared out of all the groups! This made our job pretty difficult when putting together the recommendation (in the form of an executive summary, which is unavailable due to privacy reasons) and presenting meaningful observations. We instead had to focus on what they did right, and how strictly they had to follow HIPAA guidelines.
Linked here is the presentation:
https://drive.google.com/file/d/1QBmTAw_cmcz6Pe6yF89g6dVoOZyTIgEa/view?usp=sharing
We ended up making an A on the project, but the grade was less important when compared to the real world experience. We actually got to act as legitimate security consultants for a business, which in turn helped us learn a lot! We did end up getting nit-picky, but the issues we presented were still important ones. It was quite the challenge to identify them though, but the challenge was most welcome!
Getting hands-on experience like this will always be a great experience, and I hope to share more on this blog! I'm currently in the process of putting together some older projects from earlier in my academic career at UTD. Stay tuned and thanks for reading!
My group's business of choice was Sora Medical Clinic, a small walk-in clinic. They operate by accepting clients without requiring insurance, but fees and such are paid by the client. Upon scheduling a meeting, we came up with a list of questions based on our lectures from the class.
Linked here is the very list (with answers omitted for privacy reasons):
https://drive.google.com/file/d/1J941GwBvj8M-jcaAfCAjlWFyF6DghXJ-/view?usp=sharing
To my group's surprise, the clinic was VERY secure, and had a ready answer to nearly every question. This was due to a reliable security consulting contractor they hired to take care of their security for them, and the strict regulations imposed by HIPAA. When we found out the reasons, it was less surprising.
However, when compared to other groups on presentation day, our business was one of the best prepared out of all the groups! This made our job pretty difficult when putting together the recommendation (in the form of an executive summary, which is unavailable due to privacy reasons) and presenting meaningful observations. We instead had to focus on what they did right, and how strictly they had to follow HIPAA guidelines.
Linked here is the presentation:
https://drive.google.com/file/d/1QBmTAw_cmcz6Pe6yF89g6dVoOZyTIgEa/view?usp=sharing
We ended up making an A on the project, but the grade was less important when compared to the real world experience. We actually got to act as legitimate security consultants for a business, which in turn helped us learn a lot! We did end up getting nit-picky, but the issues we presented were still important ones. It was quite the challenge to identify them though, but the challenge was most welcome!
Getting hands-on experience like this will always be a great experience, and I hope to share more on this blog! I'm currently in the process of putting together some older projects from earlier in my academic career at UTD. Stay tuned and thanks for reading!
Comments
Post a Comment