Remote Access Policy
PRACHI
AYER
IS 371
Assignment #4 – Remote Access Policy
XYZ Health Care Provider
Remote Access Policy for Remote Workers & Medical Clinics
Policy Statement
For better productivity remote access is an important tool for our company but sometimes the remote access can compromise or will provide lower security than our network. As the remote network are out of control for our company, we must mitigate any other risk to work on our best capability.
Purpose/Objectives
Our main purpose/ objective of this policy is to have rules and requirements so that XYZ company can connect to any global network from the host network. With the implementation of these rules our company will be secure from any unauthorized exposure that could cause a damage in our company. Some of the damages that could be eliminated are loss of confidential data, stealing of information, public image of our company, breach in internal systems and financial losses.
Scope
The policy will be implemented throughout the company whether it is the employees, contractors, agents, suppliers. that are directly or indirectly work with our healthcare. The policy will cover all the technical glitch which includes viewing internet resources, managing data, sending/receiving emails that will help access the network for the overall company.
Which of the seven domains of a typical IT infrastructure are impacted?
What elements, IT assets, or organization-owned assets are within the scope of this policy?)
Standards
(Does this policy point to any hardware, software, or configuration standards? If so, list them here, and explain the relationship of this policy to these standards. In this case,
Remote Access Domain standards should be referenced, such as encryption standards, SSL VPN standards—make any necessary assumptions.)
Procedures
XYZ health care are provided with the employees, contractors, vendor and agents full privilege of remote access so that the authorized user can use on site connection to the company from anywhere and anytime. If any misused of the access is found, the user will face consequences for the misuse. The authorized user is not allowed to perform any illegal activities.
Guidelines
Any unauthorized activity is prohibited by XYZ Company. Policies should be approved by remote access services and the information technology tech.
Lab #4 – Assessment Worksheet
In this lab, you identified the risks and threats commonly found in the Remote Access Domain, and you defined the scope of a remote access policy as it relates to the Remote Access Domain. You created a remote access policy that incorporated a policy statement, standards, procedures, and guidelines.
1. What are the biggest risks when using the public Internet as a Wide Area Network (WAN) or transport for remote access to your organization’s IT infrastructure?
· The biggest risk while using the public internet as a wide area network is security as eavesdropping attack is common with unsecure Wi-Fi network as hackers can easily access your data and passwords.
2. Why does the mock XYZ Health Care Provider need to define a remote access policy to properly implement remote access through the public Internet?
· The mock XYZ Health care provider needs to define a remote access policy so that it can access public internet that connects to the healthcare so that only authorized personal is able to access the network.
3. One of the major prerequisites for the mock health care organization scenario is the requirement to support nurses and health care professionals who are mobile and who visit patients in their homes. Another requirement is for remote clinics to access a shared patient medical records system via a Web browser. Which type of secure remote VPN solution is recommended for these two types of remote access?
· VPN tunneling protocol IPsec is a compliance that was published by SANS institute that guided HIPAA compliance. This is a mobile access which you can access remotely through personal laptop.
4. Why is it important to mobile workers and users to know what the risks, threats, and vulnerabilities are when conducting remote access through the public Internet?
· It is important to mobile workers and users to know what the risk, threats, and vulnerabilities so that they will know about how simply easy it is to access information through an open public network which could cause loss of vulnerable information.
5. Which domain (not the Remote Access Domain) throughout the seven domains of a typical IT infrastructure supports remote access connectivity for users and mobile workers needing to connect to the organization’s IT infrastructure?
· Wide Area Network Domain
6. Where are the implementation instructions defined in a remote access policy definition? Does this section describe how to support the two different remote access users and requirements as described in this lab’s XYZ Health Care Provider scenario?
· The implementation instructions are defined in Remote Access Domain.
7. A remote clinic has a requirement to upload ePHI data from the clinic to the organization’s IT infrastructure on a daily basis in a batch-processing format. How should this remote access requirement be handled within or outside of this remote access policy definition?
· Remote access requirement should be handled to authorized member of the company and with the use of active directory other users can use the VPN user access.
8. Why is a remote access policy definition a best practice for handling remote employees and authorized users who require remote access from home or on business trips?
· Remote access policy is best practice for handling remote employees and authorized users as it gives the user the security and flexible way to access network from anywhere.
9. Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
· It is best practice of a remote access policy as it makes sure there are no repudiation of the user so that only authorized person can access the important documents.
10. Why is it important to align standards, procedures, and guidelines for a remote access policy definition?
· It is important to align standards, procedures, and guidelines for a remote access policy for the data remains confidential as required by the law.
11. What security controls, monitoring, and logging should be enabled for remote VPN access and users?
· The security controls, monitoring and logging should be enabled for remote VPN access and users are multifactor authentication of users, to monitor there is an account and computer audit policy and for logging event administrators will send access request or notification.
12. Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
· I think yes, an organization should mention that it will be monitoring and logging remote access use in its remote access policy so that the organization will ensure transparency so that the employee will know the policy.