As the contracting officer’s technical representative (COTR), you are the liaison between your hospital and potential vendors. It is your duty to provide vendors with an overview of your organization. To do so, identify information about your hospital. Conduct independent research on hospital database management. Think about the hospital’s different organizational needs. What departments or individuals will use the database, and for what purposes? (The resource Security Concerns Common to All RDBMSs is attached.)
Provide an overview with the types of data that may be stored in the system and the importance of keeping these data secure. Include this information in the RFP.
After the overview is complete, move to the next step to provide context for the vendors with an overview of needs.
Step 2: Provide Context for the Work
Now that you have provided vendors with an overview of your hospital’s needs, you will provide the vendors with a context for the work needed.
Since you are familiar with the application and implementation, give guidance to the vendors by explaining the attributes of the database and by describing the environment in which it will operate. Details are important in order for the vendors to provide optimal services.
It is important to understand the vulnerabilities of a relational database management system (RDBMS). Read the following resources about RDBMSs:
– error handling and information leakage
– insecure handling
– cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws
– SQL injection
– insecure configuration management
– authentication (with a focus on broken authentication)
– access control (with a focus on broken access control)
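Two of the items above, SQL injection and error handling with information leakage, are easiest to see side by side in code. The following is an added example written for this assignment, not material from the attached resource or from any vendor. It uses Python's standard sqlite3 module and a hypothetical, constructed `patients` table; the function names and the schema are assumptions chosen for illustration. The vulnerable lookup splices input into the SQL text, the hardened lookup binds it as a parameter, and the client-facing wrapper logs the raw database error server-side while returning only a generic status to the caller.

```python
import logging
import sqlite3

logger = logging.getLogger("hospital_db")

# Constructed sample data for a minimal, hypothetical patient table.
# Not a real schema, vendor product, or part of the original assignment text.
SAMPLE_ROWS = [
    ("P001", "Smith", "Alice", "Cardiology"),
    ("P002", "Jones", "Bob", "Emergency"),
    ("P003", "Nguyen", "Carol", "Oncology"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (mrn TEXT PRIMARY KEY, last_name TEXT, "
        "first_name TEXT, department TEXT)"
    )
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, last_name: str) -> list:
    """Vulnerable form: input is formatted into the SQL string, so a quote
    character in the input changes the structure of the query."""
    sql = f"SELECT mrn, last_name FROM patients WHERE last_name = '{last_name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, last_name: str) -> list:
    """Hardened form: the value is bound as a parameter and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT mrn, last_name FROM patients WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()


def lookup_leaky(conn: sqlite3.Connection, last_name: str) -> str:
    """Information leakage: the raw exception text (table names, SQL details)
    is handed straight back to the caller."""
    try:
        return str(lookup_safe(conn, last_name))
    except sqlite3.Error as exc:
        return f"database error: {exc}"


def lookup_for_client(conn: sqlite3.Connection, last_name: str) -> dict:
    """Hardened error handling: details go to the server log for the
    operations team; the caller receives only a generic status."""
    try:
        return {"ok": True, "results": lookup_safe(conn, last_name)}
    except sqlite3.Error as exc:
        logger.error("patient lookup failed: %s", exc)
        return {"ok": False, "error": "lookup failed"}


if __name__ == "__main__":
    db = make_db()
    crafted = "Smith' OR '1'='1"  # constructed test input containing a quote
    print("vulnerable:", len(lookup_vulnerable(db, crafted)), "rows")
    print("hardened:  ", len(lookup_safe(db, crafted)), "rows")
    empty = sqlite3.connect(":memory:")  # no patients table: forces an error
    print("leaky:     ", lookup_leaky(empty, "Smith"))
    print("generic:   ", lookup_for_client(empty, "Smith"))
```

The point for the RFP is that both defects are in the application layer the vendor delivers, not in the RDBMS engine itself, so the requirements should name parameterized queries and generic client-facing error messages explicitly rather than assuming the database product provides them.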
Describe the security concepts and concerns for databases.
Identify at least three security assurance and security functional requirements for the database that contains information for medical personnel and emergency responders.
Include this information in the RFP.
In the next step, you will provide security standards for the vendors.