ScenarioYou have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse for doctors, hospitals,

Scenario

You have just been hired as the security manager of Medical Credentials Company (MCC), reporting to the Chief Information Officer (CIO). MCC is a kind of clearinghouse for doctors, hospitals, and group practices. It stores and distributes information on its clients, including sensitive information on previous malpractice lawsuits or disciplinary action. MCC is converting from an in-house database to a distributed database, which can be queried by telecommuting employees and clients. This change requires a high level of security. It is your responsibility to provide your engineers with the security requirements and at the same time convince senior management that the system being developed is robust and secure enough to protect this sensitive information. After careful examination of the database requirements and security requirements, you decide that compliance with the current accreditation/authorization process (NIST 800-37 RMF) would sufficiently protect the database from intrusion and tampering.

Project Background

Becoming better acquainted with the history of accreditation and authorization has made you aware that you need to start planning tasks in order to complete a system authorization in a timely manner. In addition, you need to clarify the additional assurance provided to justify the extra resources to your CIO.

The project deliverables for week 2 are as follows:

Week 2: The DITSCAP Process: (600-700 WORDS)

The History of Accreditation and Authorization Section:

·      Analyze the differences in the types of authorization.

·      Explain how the authorization process applies to the new database system.

·      Give your CIO a brief clarification of the additional assurance provided by the NIST RMF process, to justify the extra time and money for additional tasks.

·      REFERENCE