Skygate Technology
Case study 1
The client:
The client is an international network of companies through which the latest healthcare information can be shared and used by doctors and clinics worldwide via the Internet. There is also a separate foundation which concerns itself mainly with ethical issues relating to the integrity and confidentiality of medical information exchanged and disseminated through the network.

Project requirement:
Medical information was to be disseminated through the network by email. Customers (doctors, clinics, etc.) were given client software through which they would receive this information. We were involved at both the technical and the strategic levels as follows.

On a technical level, we set up and hosted the client's servers, and developed server-side software for them. At the strategic level, we were responsible for system design and security. We advised on the variety of threats that such a system could face. We drew up a threat model which included the most relevant threats that could be protected against without the client exceeding their security budget. As an example, we discussed the physical security of the servers and the fact that there are companies which specialise in providing a highly secure environment for server hosting, such as The Bunker (http://www.thebunker.net).

Other threats addressed included:

  • Denial of service attacks,
  • Unauthorised access by reverse engineering the client software,
  • Stealing passwords by monitoring the network,
  • SD Card updates, and so on.

We then helped the client to draw up a security policy. This would ensure that their systems were kept as secure as possible during day-to-day operations. In addition, it would form a basis for BS 7799 if they wanted to apply for formal accreditation.