Outsourcing Intrusion Detection System for Health Organization Expository Essay

Exclusively available on Available only on IvyPanda® Made by Human No AI

Information technology outsourcing has over the last several decades experienced substantial growth to become a basic strategy employed by many organizations across the world, with academics and industry suggesting that this growth is bound to be prolonged and maintained in the near future (Abu-Musa, 2011).

These authors further posit that IT related activities, which were once executed almost exclusively in-house by most organizations, are now regularly outsourced or off-shored to dedicated vendors.

But as observed by Goodman & Ramer (2007), outsourcing or offshoring of IT services inflates the potential for organizations to be exposed to a number of system vulnerabilities, mainly due to the intimate connections with network systems.

This paper purposes to not only describe how Northern Arizona Healthcare hospital chain has outsourced an intrusion detection system (IDS) to prevent such system vulnerabilities on critical patient health information, but also to outline some potential advantages and disadvantages of outsourcing this component.

According to Schoberle (2007) personal health information (PHI) privacy and security concerns should be central to any health organization as the health data is perceived as one of the most private facets of life for many people.

To secure such data, therefore, effective IDS can prove to be an invaluable tool because it would have the capacity to perform early detection of malicious activity and probably thwart more serious attacks to the protected site (Barnes, n.d.).

In this regard, the Northern Arizona Healthcare hospital chain has outsourced IDS from Perot Systems to assist in the process of analyzing logs to determine system vulnerabilities, auditing and prevent intrusion (Brenner, 2005; Bezroukov, 2011).

The IDS can be said to form the third layer of the physical security of the health organization outsourced from a third party (Perot Systems) with a view to manage, monitor, and respond to physical security alerts through systematic and coordinated analysis of system logs to detect system and network vulnerabilities.

The IDS in Northern Arizona Healthcare is basically composed of three components, which include sensors, analyzers, and the user interface (Brenner, 2005). While the sensors are charged with the responsibility of gathering data or evidence of an intrusion, the analyzers are responsible for receiving input from the sensors and determining if an intrusion has really occurred.

Indeed, it is the analyzers that provide direction on what actions the Managed Security Service Provider (Perot Systems) should take as a consequence of the intrusion. Lastly, the user interface to IDS allows the analysts to observe output from the network system or manage the behavior noted in the system (Brenner, 2005; Ya-Yueh, 2011).

Although the IDS does not prevent malicious actions or network threats, it has been instrumental in assisting the health organization get early warning signs of a malicious attack or misuse, thus enabling the Managed Security Service Provider to not only alter installations defensive posture to enhance resistance to attack, but also confirm secure configurations and operation of other security features such as firewalls (Ya-Yueh, 2011).

Consequently, intrusions and attacks on the organization’s patient health information database have been reduced.

Available literature demonstrates that there exist many advantages and several disadvantages of outsourcing IDS to enhance security for sensitive patient information.

One of the main advantages of outsourcing IDS to a Managed Security Service Provider, According to Fitzparick (2008), “…is that security should be the MSSP’s key business function; thus, they should focus their resources on the current security technologies, strategies, education and personnel while monitoring the internet for the latest vulnerabilities and threats” (p. 14-15).

Outsourcing not only ensures that the health organization is able to create competitiveness through focusing on core activities and engaging in cost and efficiency savings, but it increases productivity, enhances operational control, and facilitates staffing flexibility (Abu-Musa, 2011 ).

As already mentioned, outsourcing information security has its own downsides. Fitzparick (2008) argues that as the responsibility for intrusion detection shifts to the third party service provider, “…the client loses experience, knowledge, and skills that are gained by investigating security events; technical skills are dulled as the internal team relies on the knowledge of the MSSP analyst” (p. 17).

Second, the service provider may not have the capacity to understand their client’s security requirements, thereby occasioning a situation that will see the client receive very generic service from the provider.

Outsourcing also increases the potential for possible attacks and other system vulnerabilities by elongating “communication channels and increasing the number of organizations and computer networks that touch the data” (Goodman & Ramer, 2007, p. 812). Lastly, it is expensive to outsource IDS.

To conclude, it is indeed true that ensuring the security and safety of patient health information should be a foremost responsibility for any health organization (Schoberle, 2007).

This paper has discussed how such information could be secured through outsourcing intrusion detection and prevention components, and the pros and cons associated with such outsourcing. The onus, therefore, should be for individual health organizations to decide how best they could protect sensitive patient health information – and outsourcing IDS represent one of the many possibilities.

Reference List

Abu-Musa, A.A. (2011). Exploring information systems/technology outsourcing in Saudi organizations: An empirical study. Journal of Accounting Business & Management, 18(2), 17-73. Retrieved from Business Source Premier Database.

Barnes, J. (n.d.). Intrusion detection systems in hospitals: What, why, and where. Web.

Bezroukov, N. (2011). . Web.

Brenner, B. (2005). Report: IT shops lax about logging. Web.

Fitzparick, V. (2008). Intrusion detection and prevention: In-sourced or out-sourced. SANS Institute.

Goodman, S.E., & Ramer, R. (2007). Global sourcing of IT services and information security: Prudence before playing. Communications of AIS, 20(2), 812-823. Retrieved from Business Source Premier Database.

Schoberle, C. (2007). Personal health information: Privacy and security considerations in outsourcing and offshoring decisions. Web.

Ya-Yueh, S. (2011). Effects of the outsourcing of information systems on user satisfaction: An empirical study at Taiwanese hospitals. International Journal of Management, 28(1), 127-138. Retrieved from Business Source Premier Database.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2019, March 26). Outsourcing Intrusion Detection System for Health Organization. https://ivypanda.com/essays/outsourcing-intrusion-detection-system-for-health-organization/

Work Cited

"Outsourcing Intrusion Detection System for Health Organization." IvyPanda, 26 Mar. 2019, ivypanda.com/essays/outsourcing-intrusion-detection-system-for-health-organization/.

References

IvyPanda. (2019) 'Outsourcing Intrusion Detection System for Health Organization'. 26 March.

References

IvyPanda. 2019. "Outsourcing Intrusion Detection System for Health Organization." March 26, 2019. https://ivypanda.com/essays/outsourcing-intrusion-detection-system-for-health-organization/.

1. IvyPanda. "Outsourcing Intrusion Detection System for Health Organization." March 26, 2019. https://ivypanda.com/essays/outsourcing-intrusion-detection-system-for-health-organization/.


Bibliography


IvyPanda. "Outsourcing Intrusion Detection System for Health Organization." March 26, 2019. https://ivypanda.com/essays/outsourcing-intrusion-detection-system-for-health-organization/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
Privacy Settings

IvyPanda uses cookies and similar technologies to enhance your experience, enabling functionalities such as:

  • Basic site functions
  • Ensuring secure, safe transactions
  • Secure account login
  • Remembering account, browser, and regional preferences
  • Remembering privacy and security settings
  • Analyzing site traffic and usage
  • Personalized search, content, and recommendations
  • Displaying relevant, targeted ads on and off IvyPanda

Please refer to IvyPanda's Cookies Policy and Privacy Policy for detailed information.

Required Cookies & Technologies
Always active

Certain technologies we use are essential for critical functions such as security and site integrity, account authentication, security and privacy preferences, internal site usage and maintenance data, and ensuring the site operates correctly for browsing and transactions.

Site Customization

Cookies and similar technologies are used to enhance your experience by:

  • Remembering general and regional preferences
  • Personalizing content, search, recommendations, and offers

Some functions, such as personalized recommendations, account preferences, or localization, may not work correctly without these technologies. For more details, please refer to IvyPanda's Cookies Policy.

Personalized Advertising

To enable personalized advertising (such as interest-based ads), we may share your data with our marketing and advertising partners using cookies and other technologies. These partners may have their own information collected about you. Turning off the personalized advertising setting won't stop you from seeing IvyPanda ads, but it may make the ads you see less relevant or more repetitive.

Personalized advertising may be considered a "sale" or "sharing" of the information under California and other state privacy laws, and you may have the right to opt out. Turning off personalized advertising allows you to exercise your right to opt out. Learn more in IvyPanda's Cookies Policy and Privacy Policy.

1 / 1