Information System of Lifeforce Medical Ltd - Case Study Example

INFORMATION SYSTEMS DEVELOPMENT & MANAGEMENT Name Professor Institution Course Date Abstract This report covers the information system of Lifeforce Medical Ltd. The system has grown and this report fully studies and documents the IT requirements of the business enterprise for the next three or up to five years. The document seeks to enable the understanding, makes recommendations for changes to the software, infrastructure, systems, network and other platforms. The report further focuses on the requirements from stakeholders, actual and potential shortcomings of the current information system, recommendations and justifications, and the appropriate assumptions for this process. The paper discusses in details the solutions to the vulnerability of the system. Introduction Lifeforce Medical Ltd is not only an importer and distributor of medical devices but also offers treatments and other products. The company supports some specialist stockist’s independent pharmacies in the Republic and Northern Ireland. The company history dates back since 1980s. Over time, its Information Systems has developed. A number of employees are computer literate and two IT employees oversee the system activities. The company also maintains in-house stock control. The users of this system access it remotely by their delivery drivers. The magnanimity of the system makes the database vulnerable such that the database can be compromised leading to disclosure of customers’ data. Requirements from Stakeholders Lifeforce Medical Ltd information system has many stakeholders. They include the health care systems, primary care physicians, specialist care physicians, payers, state Medicaid, state government, laboratories and diagnostic facilities, public health, patient groups, purchasers and employers, directors and governing committees, among others. The requirements vary from one stakeholder to another. Healthcare systems require the capacity to transfer health information from one provider or person to another. It will include entities in order to exchange selective information outside their networks. The system would need to exchange administrative information with the state and the payers. The primary care physicians and speciality care physicians require exchanging information with hospitals and providers. The information might be administrative in nature. Payers are also crucial stakeholders. They might need a method of pressing their electronic claims, verifying, reporting and authorizing. The system should be efficient and effective in terms of cost. The payers might need improved patient wellness and care coordination platforms. The state is also one of the organs that might be interested in creating a statewide health information system. In pursuing this, the micro information systems should be connected to it. The laboratories and diagnostic facilities like x-rays, medical records and mammograms store significant patient information. The public health needs to report significant information. Therefore, when focusing on stakeholder requirements, data security is tremendously valuable. This would stop serious breaches connected with the way parties share data with each other. Karl (2008: 10) suggests this is like building a perimeter around the records. Data Security Management The system should secure the access paths to data (John, 2007:12-13). This involves the efforts to deploy firewalls and systems that authenticate users to prevent intrusions. The data store in the database is also vulnerable. This puts the serious stuff to risk. The company should contemplate employing ethical hacker to plug the potential sources of failure of the system. Sadogopan (2009: 20-21) postulates that if we introduce new changes to a system, they should be tested against the already existing system. These tests allow time to listen to stakeholder’s complains and compliments and incorporate the appropriate changes. The in-house stakeholders are also a potential treat. They are privileged users who know where the most sensitive data is stored. They even know how to go around and disable security controls. This calls for a thorough search for individuals of integrity in such positions. In a centralized system that controls data access, controls are implemented through an agent and monitoring system as in Figure 1. Figure 1 Figure 1 shows a natural solution that uses a software agent. The software agent runs on the server’s database. This enables data protection and monitoring that is policy-based. The agent ensures no modifications on it especially by individuals having access to the database. Authentication is used by almost all database users (Vijay, 2009: 45-49). It validates the identity of the user and prevents unauthorized users. Figure 2 bellow is a schematic diagram for a straightforward authentication method. Figure 2: Simple Authentication Method Benefits of Proposal offered The benefits of improving the performance of this system are many. An improved system shall be able to support new functions. The systems become more flexible and reliable. It also becomes sustainable. The overwhelming market gets served in a secure environment. The shortcomings, both actual and potential, are studied and taken care as soon as possible. Actual and Potential Shortcomings of the Current System The current system has actual and potential problems. The actual problems include the database system accessed remotely by delivery drivers. The system is so magnanimous thus making it vulnerable such that the database might be compromised leading to disclosure of customer information. The potential problems are also the anticipated problems. For one, a highly developing system might experience low productivity, inadequate alignment of the information system and a large number of failures. Low productivity, in the opinion of Charles (2005: 50-52), is always associated with an increase of backlog and maintenance cases. The demands for building improved or new information systems increase faster than the company’s ability to adjust to demands. Other potential shortcomings include the increase in cost of program modifications, increase of hardware, and insufficient supply of personnel and funds. Information systems may usually result to outright failures. The failure may be due to economical mismatches, especially when budget and schedule overruns. Poor quality of the product and insufficient satisfaction of the users may arise. The increasing of complexity and magnitude of software products is also a potential problem. Abdullah (1999: 77-78) arguments that each generation in an information system brings in new application areas, and extended functionality, which results to, a larger system. He further holds that the bigger the system, the tougher it is to design, to construct and to maintain. Moreover, the system poses many new technical options. This will call for innovations, server architectures, electronic commerce, and object-oriented approaches. Recommendations and Justifications Life-force medical Ltd should use Linux. Malicious software applications run on Windows, something that does not happen with Linux. Windows will require up- to-date anti- virus and anti-spyware. If the current system supports users without a password, this may give total access of viruses to the system. Besides, Linux is known for its stability without crashing, and its configuration changes can be done while the system is running. For Linux, a reboot is not required after the configurations as in Windows. Cost effectiveness of the new systems is also a critical factor. Linux is slim, flexible and scalable. It performs on any computer regardless of the specs of the computer and can be reconfigured to include needed services for the company’s functions. This reduces the cost, improves the performance and keeps the system simpler. The system can, therefore, fit within the budget. Protecting the internal network requires separating it from the public network. The border routers must be configured from the public IP address. Firewalls will help restrict traffics from devices. In his earlier research, Avison (1992: 15) wrote that the WLAN should be separated from its main network. This adds to the total security of the system. Options for change should be put in place. For the purpose of internet security, a small sensor on the database host server will be capable of monitoring all database transactions that are moving through a shared memory. Ron & Ben-Natan (2005:35-36) argue that sensors communicate with an overall server which evaluates all the actions depending on configured set of rules. This allows for real-time reaction once a rule violation is determined. Depending on how severe the violation is, the chief administrator may log the event, communicate an alert, terminate the session of the user, or locking out the user for some time in order to carry out investigations. From the information that the system is growing, number of stakeholders will also increase. This requires technology options, such as, connecting systems to involve bi-directional options. Some options of technology enable gateways to connect to several stakeholders (Richard, David, 2002: 91). Potentially, providers need to be connected to numerous external providers. Other alternatives should include gateways and secure messaging. Alfred & Melissa (2011: 6-7) propose that an information system should enlist common and widely acknowledged approaches in solving system challenges. They add that the approaches should provide both improved and systematic guidelines. The approaches should engage an expert to build up a collective experience of the information system and use it to develop best practices. Such experience can be collected through participation in information system development, conducting studies or evaluating the methods. Based on this experience, in-house concepts, beliefs and modelling languages and procedures are utilized to come up with an all-inclusive-option to the problem. In fact, the market exerts demand on the usefulness of any information system. This requires continuous process re-engineering so as to be at bar with increasing technology in other sectors. Conclusion Lifeforce Medical Ltd is both a distributor and an importer of medical devices. It also offers treatments and other products. The company supports some specialist stockist’s independent pharmacies in the Republic and Northern Ireland. The company system uses Windows. The magnanimity of the system make is so vulnerable such that the database might be compromised leading to disclosure of customer information. Considering the actual and the potential problems as the company grows, different stakeholders are considered and the IT requirements documented. In coming up with a new and reliable system for the future, Linux proves superior over Windows. References Abdullah, Al-Abdul-Gader 1999, Managing Computer Based Information Systems in Developing Countries: A Cultural Perspective, BookCrafters, New York. Alfred Basta, Melissa Zgola 2011, Database Security, Channel Center Street, Boston. Avison, D 1992, Information Systems Development: Database Approach, Blackwell Publishers Ltd, New York. Charles, Shoniregun 2005. Impacts and Risk Assessment of Technology for Internet Security: Enabled Information Small-Medium Enterprises. Springer Science and Business Media Inc. Essex. John, Vacca 2007, Practical Internet Security, Springer Science LLC, New York. Karl, Eugen 2008, The Making of Information Systems: Software Engineering and Management in a Globalized World, Budapest, Hungary. Ron, Ben-Natan 2005, Implementing Database Security and Auditing, Elsevier Inc, New York. Richard Didgen, David Avison, Bob Wood, & Trevor Wood-Harper 2002, Developing Web Information Systems, Elsevier Inc, Burlington. Sadagopan, S 2009, Management Information Systems, Wiley-Blackwell, West Sussex. Vijay Atluri, John Hale 2009, Research Advances in the Database and Information Systems Security, Kluwer Academic Publishers, Massachusetts. Read More