Credit: infosecinstitute.com

1. You and your other group members have been hired as information security consultants for Heartlanding Consulting.
2. Your group’s first client (BTW: You are very excited!) is “Quick Care” medical. “Quick Care” medical pioneered the drive-up checkup – they can check your heart, cholesterol, blood pressure, weight, BMI, all from the comfort of your car in five minutes or less. They have even experimented with performing minor medical procedures from the car. Their slogans say it all – “Having problems with your left arm, we can fix it,” or “Scrapes, bumps, or breaks on your left arm – we’ve got you covered.” However, many patients, of course, still prefer the traditional waiting and examination rooms.
3. The “Quick Care” medical clinic needs advice regarding security. They recently experienced a break-in, and a perpetrator stole computer equipment containing patient records. Note that this happened six months after the office flooded, destroying some important paper documents.
4. In the past, computer hard drives have failed, destroying many patient records. The staff feels that they are very lucky to have the paper records so they can reenter the data for the patients in the future. Meanwhile, several examination rooms in the clinic are being used to store the paper-based patient records. 
5. Office staff use simple, easy-to-remember passwords (such as Love, God, and Secret), and they post their passwords on the office bulletin board so no one forgets.
6. One of their servers, located in the patient waiting room, was infected by a computer virus when one patient viewed an inappropriate web site. The staff discovered that the virus protection software was not installed. 
7. The server also supports the clinic’s Internet website, but patients are not required to log in. 


8. Physically, the clinic is housed in a one-story building. The entrance leads directly to the patient waiting room. Patients have access to a service desk to “check in” upon arrival. A door leads from the waiting room to the back office and ten examination rooms. Each examination room has a desktop computer that is connected to a main switch, which is located along with the server in the patient waiting room. On the side of the building, there are five drive-up windows for express care.
9. The clinic owns 15 workstations and two servers. (Note: one server has been in its shipping box since 2002, just in case a failure occurs.) They also own a wireless access point, a switch, and two HP color printers (different models, of course).
10. There was also a report that Internet performance was very slow. Someone noticed high activity on the network attached to the wireless access point, but the staff is not certain why. The staff spends a lot of time on Facebook, communicating with friends and patients. They also love listening to music that they have downloaded.
11. The proctologist (Dr. Fred) who designed the network and systems said, “He has never seen a set of computers work better.” Dr. Fred has also been quoted as saying, “Our systems work like your digestive system,” but no one understands his point. 
12. The clinic’s business is down after a recent set of lawsuits. 



Analysis 
1. Identify the key problems for the clinic. 
2. Analyze the network, system, policies, procedures, and physical security. 

Report 
1. Your report should use MLA style (minimum of two pages). Please use citations when referencing external materials. 
2. Document the observed problems and recommended solutions. In your report, consider procedures, processes, hardware, software, and policies. 
3. Create a chart (in Word) documenting the network configuration. Identify security vulnerabilities. 
4. Attach a list of the top ten “security best practice tips” in bullet form to your report. 
5. Recommend Heartlanding Consulting services to the client: include regular security audits, penetration testing, software maintenance, and firewall support in the list of services provided.