Defense Healthcare Information Assurance Program
Abstract
This report summarizes the work of the Defense Healthcare Information Assurance Program (DHIAP) for the period 15 October 1998 to 31 May 2001. It describes the work completed in the Phase I (research) and Phase II (tool development, testing, and analysis) program activities. In Technical Assessment, the DHIAP Team conducted Information Security Evaluations at two military medical treatment facilities (MTFs) and used the results to develop recommendations for improving information assurance capability for MTFs in general and for the military healthcare system overall. In Prototype Development/Demonstration/Transition, the Team developed, tested, and transitioned to MTF operational use a RADIUS-compliant capability for assuring the identity of remote dial-in users of computer systems and controlling their access to those systems. In Risk Analysis, the Team developed and tested a methodology and tools for assessing risk to information assets. The methodology (both expert-led and self-directed versions) is based on the OCTAVE(SM) Method developed by SEI. In Business Case Analysis (BCA), the Team developed a methodology for analyzing cost, operational and functional impact, and risk to the military of deploying technologies affecting healthcare information security, and exercised and refined that methodology during the course of conducting BCAs in four investigations of information assurance technologies. Technologies investigated were remote authentication of dial-in users, authentication, role-based access control, and audit of computer use and access. In Simulation Capability, the Team created and demonstrated the functional capabilities of an alpha-version survivability simulator designed to assess impacts on mission survivability.
Document Details
- Document Type: Technical Report
- Publication Date: Jun 01, 2001
- Accession Number: ADA398276
Entities
People
- Archie Andrews