community clinic

 

Contents

Introduction

Queens medical center is the community clinic which serves various residents in the catchment area who are unwell with regard to their health. There are specialists in the clinic in the different areas of medical. The meeting with the specialist requires the scheduling of the consultation schedule. The appointment can be booked by the people by calling to the receptionist of the clinic.

There has been an increasing number of patients at the clinic and a number of calls for appointments which makes the patients to wait for a long time to get access to the service. There is an opportunity for Queens medical center to respond to the increasing need of medical care with the growth in the community population. The system should provide the recommendation for the best specialist for the patient based on the availability and the workload of the specialist.

The cyber crimes are increasing day by day. The web based information system of the Queens medical center can be prone to different cyber crimes. The sensitive information of the patient is required to be protected

This report will provide the discussion of the different benefits of the ASMIS and the cyber threats which the ASMIS can suffer from. The report will also provide the UML diagram and the threat modelling techniques for the system. The cyber security technologies which can be used for addressing the problem will also be discussed in the report.

Benefits of ASMIS

There various benefits of the  appointment and scheduling management information system.

Book appointments from comfort of home

The potential patients will be to book appointments by using the web application of  appointment and scheduling management information system .The customers will be able to select the time and date on which they want ot make the appointment.

No waiting time

The customers have to wait for long time for getting appointment on call. When they will use the  appointment and scheduling management information system then, they will not have to wait for long time for getting appointment.

Patient information

The patients will be able to provide their health information in detail using the  appointment and scheduling management information system.

Specialist selection

 Appointment and scheduling management information system will allow the patients to select the specialist of their choice. They will be able to select the specialist based on the past experience and the abilities of the specialist.

Online payment

The customers will be able to make the payments for the appointment using different payments methods which are allowed by appointment and scheduling management information system. The customers will also be get the payment receipt.

Large scale handling of patients

The clinic staff will be able to handle the large number of the patients at the same time without any delay in providing the services.

Potential problems related to ASMIS

There can be different problems related to appointment and scheduling management information systems.

Downtime: The information system can be down due to some reason due to which the patients will not be able to access services of the system for that time. This can lead to non booking of the appointments for that interval of the time.

Denial of service: The system can suffer from the denial of the service attack. The denial of the service is the attack in which the user injects the web server and the network with the useless packets which results in using of all the resources of the system and intended users of the system have to wait for a long time to get the services of the system(Koutepas, G. &Maglaris and Vasilis, 2002). This attack can be initiated by the attackers on the web server of the appointment and scheduling management information system(Koutepas, G. &Maglaris and Vasilis, 2002).

Unauthorized access: The appointment and scheduling management information system can be accessed by unauthorized users and this can lead to the loss of the privacy of the data of the patients. The unauthorized users can use the data of the patients for the financial gains. They can sell the data of the patients to the third parties.

Unauthorized manipulation of the data: The appointment and scheduling management information system can lead to unauthorized manipulation of the data. The unauthorized manipulation of the data will lead to loss of the integrity of the data and loss of the availability of the data. The accuracy of the data can get lost in this threat.

Man in the middle attack: This is the attack in which the attacker can sit between the sender and the receiver and can listen to the conversation of the sender and the receiver. The attacker acts as the authenticated user of the system. This can lead to loss of the confidentiality of the dataJaveed, Dr &MohammedBadamasi and Umar, 2020).

Phishing attack: This is the attack which  appointment and scheduling management information system is most prone to. The users of the  appointment and scheduling management information system are non technical persons and they are not aware about the cyber security. Phishing attack is the attack in which the attackers probes the users to click on the malicious links(Chaudhry, Junaid & Chaudhry, Shafique &Rittenhous and Robert, 2016).

Once the users clicks on the malicious links then, the user is redirected to the malicious apps and the web sites. The hackers gain access to sensitive information of the organization through this attack(Chaudhry, Junaid & Chaudhry, Shafique &Rittenhous and Robert, 2016).

Cross site scripting attack: This is the attack in which the hacker injects the malicious code in the source code of the web application. This can result in loss of the confidentiality of the data. The integrity and the consistency of the data of the patients and their appointments can also get lost in case of this attack(Shanmugam, Jayamsakthi&Ponnavaikko and Murugesan, 2008).

UML diagrams

Figure 1 shows the class diagram of the ASMIS system

The diagram shows the sequence of the activities in the appointment and scheduling management information system. The user usually patient login into the system. If the patient wants the appointment with the specialist then, the patient has to put the date. The availability of the doctor is checked on that date. If the doctor is available on that date then, the appointment is fixed.

Threat modelling technique

Visual Agile and simple threat modelling technique can be used for the modelling of the threats. The reliable and the actionable results can be generated with the help of the Visual Agile and simple threat modelling technique. The VAST can also be integrated into DevOps. Various infrastructure and operational concerns can be identified with the help of the Visual Agile and simple threat modelling technique. Visual Agile and simple threat modelling technique involves the two types of the model (Gonzalez, 2022). The first model is the application threat model. The architectural aspect of the threat is presented by application threat model using the process flow diagram. The second model of the Visual Agile and simple threat modelling technique is the operational threat model. The threat is represented from the perspective of the attacker in this model using the data flow diagram (Gonzalez, 2022).

Figure 2 shows the entity relationship diagram of ASMIS system

This figure shows the entity relationship diagram for  theappointment and scheduling management information system. The patient can schedule the appointment. The appointments are scheduled for the different doctors. The patient makes the payment and clears the bills.

Threat modelling technique

STRIDE threat modelling technique can be used for the identification of the different threats and the mitigation of the different threats. The discovery of the threats in the system is guided by the STRIDE technique. The S of the STRIDE technique represents the Spoofing. This is the user who pretends to be the other user. T of STIDE technique represents Tampering. This is the component that takes into account the modification of the components or the code by the attackers. Repudiation is the third component of the STRIDE technique. This checks the threat events which are not logged or monitored(Gonzalez, 2022). Information disclosure is the fourth component of the STRIDE which considers the threats in which information is exposed or leaked. Denial of the service is the next component of STRIDE. This takes into account the threats to which services of the system or the components of the system are overloaded with the traffic in order to prevent the legitimate users of the system from accessing the system. Elevation of the privilege is the other component of STRIDE which takes into account the threats which attackers grant additional privileges to themselves in order to gain greater control over the system(Gonzalez, 2022).

Addressing of problem

There are different cyber security technologies which can be used for the prevention of the cyber attacks on the appointment and scheduling management information system. The cyber security technologies include

Artificial intelligence and deep learning

The artificial intelligence and the deep learning technology can be used for the detection of the malicious activities in the system. The logs, transactions and the real time communication can be monitored using artificial intelligence and the deep learning technology(The 5 Latest Cyber Security Technologies for Your Business, 2022). It is used in Walmart.

Strengths

This technology allows the monitoring of the real time interactions of the users with the system.

Weakness

The training of the system for detection of the malicious activities is required before implementing it for the detection of the malicious activities.

Behavioural analytics

The pattern on the system and the network analytics can be determined with the help of the behavioral technology. The potential and the real time cyber threats can be detected with the help of this technology. For example: A sudden increase in the data transmission by a particular user can be monitored by using this technology. This could indicate a cyber security threat. This technology is used by Facebook to monitor the behavior of the users(The 5 Latest Cyber Security Technologies for Your Business, 2022).

Strengths

This technology can be used for the monitoring of the real time behavior of the users. The cyber threats can be detected quickly with this technology.

Weakness

There are high chances of a False positive. A sudden change in the behavior of the user may be natural. It does not indicate the cyber threat always.

Blockchain cyber security

The block chain technology of the cyber security is also gaining popularity. The transaction between the two parties is identified with the help of this technology. This technology works on the peer to peer network fundamentals. The members in the block chain authenticatedata added. This technology creates the network which cannot be penetrated by the hackers. Therefore, this technology prevents the privacy of the data from getting compromised. The robust verification system can be set in the organization with the combination of the block chain technology and the artificial intelligence technology(The 5 Latest Cyber Security Technologies for Your Business, 2022). This technology is used in organization such as Amazon.

Strengths

This technology provides the opportunity of the establishment of the robust verification system can be set in the organization.

Weaknesses

This technology requires high budget for its establishment.

Conclusion

The cyber threats to the information system are increasing at a high rate. This report gives the discussion of the different benefits of the ASMIS and the cyber threats that the ASMIS can suffer from. The patients will be able to book the online appointments with the system and the staff will be able to manage a large number of the patients with the help of the appointment and scheduling information management system. The report gives the UML diagram and the threat modelling techniques for the system. The cyber security technologies which can be used for addressing the problem are discussed in the report. The block chain technology is the most popular technology for the prevention of the cyber attacks.

References

Gonzalez, C., 2022. 6 Threat Modeling Methodologies: Prioritize & Mitigate Threats. [online] Exabeam. Available at: <https://www.exabeam.com/information-security/threat-modeling/> [Accessed 5 May 2022].

IFF Lab. 2022. The 5 Latest Cyber Security Technologies for Your Business. [online] Available at: <https://ifflab.org/the-5-latest-cyber-security-technologies-for-your-business/> [Accessed 5 May 2022].

Chaudhry, Junaid & Chaudhry, Shafique & Rittenhouse, Robert. 2016. Phishing Attacks and Defenses. International Journal of Security and Its Applications. 10. 247-256. 10.14257/ijsia.2016.10.1.23.

Javeed, Dr &MohammedBadamasi, Umar. 2020. Man in the Middle Attacks: Analysis, Motivation and Prevention. International Journal of Computer Networks and Communications Security. 8. 52-58. 10.47277/IJCNCS/8(7)

Koutepas, G. &Maglaris, Vasilis. 2002. Detection and Reaction to Denial of Service Attacks.

Shanmugam, Jayamsakthi&Ponnavaikko, Murugesan. 2008. Cross Site Scripting-Latest developments and solutions: A survey. Int. J. Open Problems Compt. Math. 1.