Information Technology Capstone: Task 2
Western Governor University
ABSTRACT
IT Business Problem Under Investigation
The current state of the department of health’s logical network is unfortunately not segregated from the non-health associated departments in the organization. The implementation of a customary Health Insurance Portability and Accountability Act (HIPPA) security model is needed to provide both best practices and sites consistent with the standard of secured accessibility.
Proposed Solution
HIPAA advises covered entities must also implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronically protected health information. The current network environment will need to implement a cybersecurity methodology that aligns with the security technical implementation guide. The Medical Treatment Facilities can’t be combined with the organization’s network. Clients and their health providers of the health departments deserve for the client’s data to be protected and have an avenue to access records in a secure environment.
Project Management Concerns of Concurrently Managing Multiple Projects and Resources
The project management concerns of concurrently managing multiple projects have to depend on functional managers to conduct tasks along with the timeline. The plan involves allocating resources amongst the project stakeholders i.e. IT departments and its functional and health operations managers.
Project Stakeholders and Needs
One of the success factors of this project will involve the engagement of multiple stakeholders such as the IT department, health operations managers, vendors, outside managers, among others. Interviewing key stakeholders of this project will create a common understanding of the projects requirements and will form the basis of making key decisions during the implementation of various tasks.
Key Points of the Implementation Proposal
The key points of the proposal are this logical construct based on the implementation of a standard HIPPA security model intended to provide both best practices and equal access to subscribers and sites consistent with the principle of secure accessibility.
The Metrics that will Measure the Proposed and Actual Outcomes of This Project
A Gantt chart cost and benefits analysis will be the metrics used to measure the proposed and actual outcomes of this project. Adopting these two metrics will ensure that the tasks required are scheduled and tracked which will Help in them being completed within the scheduled timelines.
NEEDS ANALYSIS
Problems and Causes
A requirements analysis reveals the current status of the network isn’t compliant. HIPAA advises covered entities must implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronically protected health information.
Impact on Each Stakeholder Group
The current design doesn’t require resources and design that will have a positive impact on stakeholders such as the organizations, clients, and providers. Among the expected impact will be that there will be minimal downtime and inexpensive items to migrate the health network from the organization’s operations network.
Solution Alignment
Medical Treatment Facilities will utilize current network systems and will need to provide fiber paths to separate networks.
Adopting new and emerging technology will help the organization coordinate the transition of activities enabling the local Medical Treatment Facility to gracefully migrate off the organization’s network and into a network for only Health Agencies and to sustain certain core services after migration until the Health Agency network can fully provide those services. Moreover, having a dedicated network will support health care delivery, private sector partnerships, and medical research and development.
The best practices adopted by this project will involveensuring that client’s data is protected and health providers in various health departments have an avenue to access different records in a secure environment.
The current network environment will need to implement a cyber-security methodology that aligns with the security technical implementation guide. The methodology adopted has to ensure that the Medical Treatment Facilities can’t be combined with the organization’s network to enhance security. This method will be supported by the implementation of a standard security model intended to provide both defense-in-depth and equal access to subscribers and sites consistent with the principle of assured availability
COST ANALYSIS
Itemized Costs
Total a List
Total
$17,500.00
Item Cost
Fiber $15,000.00
SFP $2,500.00
Justification for Costs
The itemized costs involved in implementing this project are a minimal $17,500.00. After thorough, data calls between all regions and their MTFs, the majority held resources required to accomplish tasks. The fiber and SFP installations will be purchased in the first phase by all regions. This allows MTFs to install and prep service well in advance. An order of 800 fiber patch cables 10, 5, and 3 feet and 100 SFPs requested by MTFs to fulfill tasks. There aren’t any additional labor costs due to currently salaried employees assigned to the health network migration plan.
RISK ASSESSMENT
Qualitative Risk Analysis
The process of prioritizing risks is to gain the key benefit of reducing project managers level of uncertainty and to focus on high-priority risks. The required resources to implement this project are MTF, CFP, and NOC personnel as well as, fiber, IP availability for VOIP services and SFPs.
Personnel have primary, alternate, and alternate point of contacts for all deliverables and tasks. However, there is a risk timeline may not be met due to unforeseen circumstances. VOIP services will exist on a legacy framework until health network framework has stabilized. However, some MTFs may not have the capabilities to know what is needed to cutover after migration phase is complete.
Quantitative Risk Analysis
Currently, costs will cover any excess requirements for fiber and SFPs. MTFs have advised they will have prepared well in advance to accommodate requirements timeline. Labor costs are inherent to the task due to using staff and not contracting services. However, aren’t in excess to the migration budget.
Risk Register
MSITM Capstone Risk Register
Asset Threat/Vulnerability Existing Controls Likelihood Consequence Level of Risk Risk Priority
Fiber Path fiber congestion expansion capabilities Possible Moderate Medium Low
Router no available SFPs bench stock Possible Minor Low Med
Server Room overheating Monthly Checks Rare Major Low High
MTFs Transition timeline pushed project managers Almost Certain Moderate Medium High
VOIP Avail On Legacy Network MTFs not able to cutover to new network legacy network availability Possible Moderate Low Med
JUSTIFICATION
The success of this project will create a dedicated secure network for Medical Facilities utilizing within HIPAA standards. As well as, creating a robust network, having documentation for continuity to support operations & maintenance, best practices, and life cycle management. (Jin, 2008) argues that the engineering of such a migration minimally affects clients, cost, time, and implementation due to using the current infrastructure, having engineers configure network systems, and rerouting the fiber path to segregate networks. The use of current systems saves $45B in costs to the organization with little impact on the clients and only $17.5K in costs guarantees patients and providers secure accessibility to records.
PROJECT MANAGEMENT PLAN
Resources
This drawing illustrates the “To Be” network configuration. Note all communication between the two enclaves will traverse the AF ENFAAS and across to the DHA firewalls. The above resources are required resources needed for the MTF departments and NOC to implement the network migration plan.
Justification of Resources
The purpose of this document is to communicate transition activities enabling the local Medical Treatment Facility (MTF) to gracefully migrate off the organization’s network and into the MTF network and to sustain certain core services after migration until the MTF can provide those services on their own. This document will provide instructions on connecting the ENFAAS (Enclave Contro3rd Party Switch (organizations network) to the MTF’s provided Palo Alto firewall.
Resource Allocation Plan
The 3rd Party switch attached to the PA NGFW will be configured for DMZs currently attached to the Sidewinder. Cabling will be added for connections to the 3rd Party switch. One such DMZ will be the connection for the MTF across this 3rd Party Switch.
Gaps and Impact to Other Projects
The engineering of this migration minimally affects clients, cost, time, and implementation due to using the current infrastructure, having engineers configure network systems, and rerouting the fiber path to segregate networks. For other projects, the final output will be assessed within an Assessment framework of industry standards, regulations of accepted criteria by quality assurance
PROJECT PLAN DESIGN
Project Phases
The project phases will be implemented fiscally via territory regions. Below is a representation of phases.
Phase I: East Region MTFs
Phase II: Central Region MTFs
Phase III: Western Region MTFs
Phase IV: Alaska, Hawaii MTFs
Timelines
TASK ASSIGNED
TO PROGRESS START END
Phase 1 EASTERN REGION
Task 1 MTF requirements data call Name 50% 10/1/21 10/4/21
Task 2 Check resources data call 60% 10/4/21 10/6/21
Task 3 Schedule ASI/ Prep fiber path & SFPs 50% 10/6/21 10/10/21
Task 4 Implement cutover 25% 10/10/21 10/15/21
Task 5 QA burn-in, documentation, and create deliverables; send to PM to closeout Phase 10/5/21 10/7/21
Phase 2 CENTRAL REGION
Task 1 MTF requirements data call 50% 10/6/21 10/10/21
Task 2 Check resources data call 50% 10/8/21 10/13/21
Task 3 Schedule ASI/ Prep fiber path & SFPs 10/13/21 10/16/21
Task 4 Implement cutover 10/13/21 10/15/21
Task 5 QA burn-in, documentation, and create deliverables; send to PM to closeout Phase 10/13/21 10/16/21
Phase 3 WESTERN REGION
Task 1 MTF requirements data call 10/16/21 10/21/21
Task 2 Check resources data call 10/22/21 10/26/21
Task 3 Schedule ASI/ Prep fiber path & SFPs 10/27/21 11/1/21
Task 4 Implement cutover 11/2/21 11/6/21
Task 5 QA burn-in, documentation, and create deliverables; send to PM to closeout Phase 10/27/21 10/31/21
Phase 4 ALASKA & HAWAII REGION
Task 1 MTF requirements data call 10/31/22 11/1/22
Task 2 Check resources data call 11/2/22 11/3/22
Task 3 Schedule ASI/ Prep fiber path & SFPs 11/4/22 11/5/22
Task 4 Implement cutover 11/6/22 11/7/22
Task 5 QA burn-in, documentation, and create deliverables; send to PM to closeout Phase 11/8/22 11/9/22
Scope
The purpose of this project is to coordinate transition activities enabling the local Medical Treatment Facility to gracefully migrate off the organization’s network and into a network for only Health Agencies and to sustain certain core services after migration until the Health Agency network can fully provide those services. The dedicated network will support health care delivery, private sector partnerships, and medical research and development.
Assumptions
The MTFs will be operated as a single enclave with a coherent accreditation boundary. This logical construct is based on the implementation of a standard security model intended to provide both defense-in-depth and equal access to subscribers and sites consistent with the principle of assured availability. This follows the original design concepts for Military Health Systems Intranet but implements added segregation on the organization backbone from the organization network to protect the Global Information Grid (GIG) from the possibility of transitive risk related to medical business partner connections with the new MTF network The architecture assumes and is optimized for distributed database, application processing, and presentation layer infrastructure leveraging cloud-based services to manage end-user, system, and service availability and performance. Further, it is assumed and required at Full Operational Capability (FOC) that all core services associated with the Medical Community are available within the Med-COI.
Project Phases
This project is made up of four phases based on the different regions it will cover. The start date of the entire task in each of these regions begins in the same dateand also complete at the same time. Ensuring that all tasks in each of these four phases are well coordinated will help save on time and total cost of implementing the project.
Timelines
The project is expected to take approximately four months to complete running from mid September to early December. However, depending on other factors and how the challenges experienced throughout the course of implementing the project, it could take a shorter or longer time to complete. As such, it is advisable that the management and personnel involved in implementing this project should take each task with the magnitude of seriousness and input required to ensure that it is implemented within the planned timelines.
Dependencies
MTF sites will need to follow guidelines of NOCs and NOCs lead engineer to successfully and smoothly implement the plan. A maintenance window of 48 hours is required to migrate AHLTA/CHCS/ CHAS to the AM (Med-COI) enclave. Although required downtime varies by location, sites that do not require a Re-IP typically experience 8 – 10 hours of downtime, while sites that do require a Re-IP will experience 10 – 14 hours of downtime. Physically relocating sites can expect significantly longer downtime to accommodate data transport
Important milestones
MTF Specific Tasks:
Sites currently using VOIP at Sites:
1. Who will be the POC for testing with that phone?
2. How many IP phones do you have in the MTF?
3. Test on the MHS domain?
4. Have a date when MTF will schedule to test/implement VOIP?
NOCs Specific Tasks
1. Organization VoIP Subnet. (We need to know the entire VOIP subnet used at the base location since the med group’s VOIP phones will have to go through a firewall to get back to the base. We have to write firewall rules to allow medical group phones to call any other phone on base.
2. Med Facility VoIP. (We want a specific subnet (DHCP Scope) for medical VOIP with some room for growth; this will help to troubleshoot long term. Until such a time that DHA will have its solution for telephony.)
3. Call Manager IP. (What we need is the subnet for all VOIP servers on the base; we have to write firewall rules to allow the VOIP phones to contact the VOIP server suite.)
4. VoIP DHCP Server[s]. (Need the DHCP server/s that service the VOIP address space on the base; we have to set up helper addresses and build firewall rules.)
Details of Project Launch
The details of this project launch describe the stakeholders’ roles and responsibilities, the technical dependencies, the points-of-contact, and the transition details to migrate all medical systems and users from the legacy Military Treatment Facilities (MTF) network to the segregated MTF enclave.
The MTF will coordinate with the Communication Focal Point (CFP) to connect the ENFAAS 3rd Party Switch as outlined below. Typically, a large site will have a 48-port switch while small sites will have a 24-port switch. A single fiber pair will need to be run to the MTF from the CFP. Should the ports not be populated with an SFP the items can be found in manual using the following link. No additional tasks will be required by the CFP, as all actions for the migration will be accomplished by the lead network operations center (NOC) and the applicable NOC for that region.
The MTF Site Implementation Plan had originally reflected a connection to the Palo Alto Firewall. This has been changed to G1/1/1 on the 3750x. The Security Architecture deployment team (SADT) should have populated the appropriate fiber interface. If this has not been accomplished the MTF will reach out to the SADT for the required SFP. The SFP recommendation is a Cisco SFP GLC-LH-SMD.
After the connections have been finalized the MTF will coordinate with the AF Medical Liaisons to get both interfaces turned up and prepared to be utilized for migration activities. This will require coordination with the Lead and regional NOCs as well as MTF networking lead. The Cisco 1000Base-SX SFP GBIC Transceiver 30-1301-02 (GLC-SX-MM) can be used in the HP 3rd Party Switch as a suitable sub per the NOSC lead engineer.
The below depicts the ENFAAS Third-Party Switch HP 5120 48 Port Switch in use at large MTF sites. The Fiber Port requested is 49/46.
Figure 3: HP 5120 48 Port Switch (Large Sites)
The below depicts the HP 5120 24 Port Switch in use at small AF sites. The Fiber Port requested is 25/22.
Figure 4: HP 5120 24 Port Switch (Small Sites)
A maintenance window of 48 hours is required to migrate from organization to segregated MTF enclaves. Although required downtime varies by location, sites that do not require a Re-IP typically experience 8 – 10 hours of downtime, while sites that do require a Re-IP will experience 10 – 14 hours of downtime. Physically relocating sites can expect significantly longer downtime to accommodate data transport.
Strategy for Implementation
The purpose of having a strategy for implementation of this project is to ensure that the output or results achieved meet the overall objectives of the project with its success being deepened on both external and internal factors. In this case, the strategy for implementation this project will involve having a very organized project team that will monitor the progress in terms of time to ensure deadlines are met and tasks completed within their budget lines.
Another implementation strategy will be to have an efficient management systemthat is flexible enough to adapt to any changing situations during the project implementation process. Applying this strategy should ensure that the project is achieves quality outputs and results.
Operation of IT
Operation of IT will be very crucial in this project because they will help support the project manager make more sound decisions. This means that the operation of IT will act as a decision support system for improving the managerial effectiveness of this project.
Enterprise Architectures
Having an effective enterprise architecture in place will ensure that individuals working on the project are able to integrate data and technology to come up with a comprehensive view of the project implementation process. In this project, the enterprisearchitecture will be designed in such a way that it offers a holistic view of all the tasks being implemented in the project.
Disaster Recovery
Information technology systems utilize hardware, software, and data connectivity where a failure or lack of any of these components means that the system cannot function properly. For this reason, there is need to have a solid disaster recover strategy in place to anticipate any likely loss in one of these system components.
The proposed disaster recovery for this plan involves establishing a computer room environment with secure computers and a standby backup power supply.
Moreover, given the fact that the nature of this business operation cannot tolerate any downtimes, dual data centers will have to be utilized with the ability to handle all data processing needs for this project. The only drawback to this strategy is that it can be expensive to install but it is very effective. All facilities will verify it has redundant support and report to project managers if needing Helpance.
Information Security and Assurance
The information security and assurance strategy for this projectwill involve a number of steps one of them being enhancing data security education of individuals who will be involved in this project through training. In addition, encryption of removable media and any other storage media will also have to be implemented with the aim of preventing any unauthorized data access. As well as hardening network configurations on routers, switches, and data center as the systems are migrated using SCAP tools. The Information Security and Assurance office will verify and create POAMs with a swift timeline for correction.
Documentation Deliverables
Documentation deliverables will help in the tracking of due dates as it will Help in tracking the project dates so as to ensure that all the tasks are completed successfully and in a timely manner. In this case, the deliverables will have to be marked as milestones so as to make it easy to note when each task is completed. Adopting this approach will make it easy to measures the outcomes of each task to make sure that all the specifications for the project are met.
Hardware and Software Deliverables
This project recommends the use of online tools to measure its hardware and software deliverables. Adopting this approach will be convenient for the completion of the project because it make it easy for the project team to complete various tasks. Moreover, using an online tool software tool will make it easier to track the project’s progress while project members will be able to update their status once they complete a given task especially given the fact that there are four phases involved in this project.
Assessment Framework
The final output will be assessed within an Assessment framework of industry standards, regulations of accepted criteria by quality assurance. Each MTF will need to reply to completing the tasks, system configuration documentation, and include topologies. The final output will be assessed within an Assessment framework of industry standards, regulations, or other accepted criteria. Each MTF will have their quality assurance section and functional managers validate change management requirements such as physical connectivity, configurations, hardening of the network, and documentation. The results, as well as the documents, shall be added to the risk management framework.
Sources
Beasley, Robert E. “Conducting a successful senior capstone course in computing.” Journal of Computing Sciences in Colleges 19.1 (2003): 122-131.
Jin, M. (2008). Redesign of the computer science capstone course by integrating the major field test (MFT). Journal of Computing Sciences in Colleges, 24(1), 239-246.
McGann, S., & Cahill, M. (2005). Pulling it all Together: An IS Capstone Course for the 21st Century emphasizing experiential and conceptual aspects, soft skills and career readings. Issues in Information Systems, 6(1), 1-7.