Information Systems Security Essay


Information Systems Security
Strayer University
CIS 333
June 18, 2014
David Bevin

Information Systems Security
The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguard our daily operations, which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and the personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are a few basic things to be ...

Of all the aforementioned federal laws, HIPAA is the one that concerns us the most.
There are three main things that we should focus on as we provide a secure network. They are availability, integrity and confidentiality, which are known as the tenets of information systems security. Availability ensures that information is accessible by the appropriate users when they are seeking information. Integrity guarantees that only authorized users can change information. Confidentiality allows only authorized users to view information. These factors are especially important when you consider the fact that we deal with sensitive medical records that include prescriptions and financial data. Along with this understanding, it is equally important that we remain cognizant of the fact that the risks we face enter the equation as we develop strategies attempting to meet business goals and remain competitive. As risks increase, stratagems must be developed that incorporate risk mitigation, risk assignment, risk acceptance, or risk avoidance principles as counters for potential malicious attacks (Kim & Solomon 2012).
In going forward with our implementation of a security plan, we should be consciously aware that the domains within our infrastructure are being executed with growth in mind. Though we are presently a small company, we have the unlimited potential to quickly become an incorporation-focused tycoon within the pharmaceutical industry. For this reason we will construct our infrastructure on the level that we envision for our company and not based on our current state. With that in mind, let’s introduce our infrastructure along with its many security features.
The first domain that we will introduce is the user domain. The user domain defines the people who access our organization’s information system. Users within this domain assume certain roles that grant them access to systems, applications, and data depending upon their defined access rights. Note that our employees must conform to the staff manual and policies before assuming this role. It is in the user domain where we find our acceptable use policy (AUP). Our AUP defines what we as users are allowed to do with organization-owned IT assets. It’s basically a rulebook that all of our employees must follow. It states that our employees are responsible for their use of IT assets. It requires staff, contractors, or other third parties to sign an agreement to keep information confidential. It requires a criminal background check for sensitive positions. This is where the first layer of our defense starts for a layered security strategy (Kim & Solomon 2012).
There are certain risks, threats and vulnerabilities presented within the user domain. They mostly stem from a lack of user awareness, user apathy toward policies, or violations of security policies. Mitigation of these risk factors starts with initial security training for employees along with displaying security posters and banners...
