Information Systems Security
June 18, 2014
The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguard our daily operations, which require a combination of both physical and logical access controls to protect the medication and funds maintained on the premises and the personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying the inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are a few basic things to be ...
Of all of the aforementioned federal laws, HIPAA is the one that concerns us the most.
There are three main things that we should focus on as we provide a secure network: availability, integrity and confidentiality, which are known as the tenets of information systems security. Availability ensures that information is accessible to the appropriate users when they seek it. Integrity guarantees that only authorized users can change information. Confidentiality allows only authorized users to view information. These factors are especially important when you consider the fact that we deal with sensitive medical records that include prescriptions and financial data. Along with this understanding, it is equally important that we remain cognizant of the fact that the risks we face enter the equation as we develop strategies to meet business goals and remain competitive. As risks increase, stratagems must be developed that incorporate risk mitigation, risk assignment, risk acceptance, or risk avoidance principles as counters to potential malicious attacks (Kim & Solomon 2012).
In going forward with our implementation of a security plan, we should be consciously aware that the domains within our infrastructure are being built with growth in mind. Though we are presently a small company, we have the potential to quickly become an incorporation-focused tycoon within the pharmaceutical industry. For this reason we will construct our infrastructure at the level we envision for our company and not based on our current state. With that in mind, let’s introduce our infrastructure along with its many security features.
The first domain that we will introduce is the user domain. The user domain defines the people who access our organization’s information system. Users within this domain assume certain roles that grant them access to systems, applications, and data depending upon their defined access rights. Note that our employees must conform to the staff manual and policies before assuming this role. It is in the user domain where we find our acceptable use policy (AUP). Our AUP defines what we as users are allowed to do with organization-owned IT assets. It’s basically a rulebook that all of our employees must follow. It states that our employees are responsible for their use of IT assets. It requires staff, contractors, or other third parties to sign an agreement to keep information confidential. It requires a criminal background check for sensitive positions. This is where the first layer of our defense starts in a layered security strategy (Kim & Solomon 2012).
There are certain risks, threats and vulnerabilities present within the user domain. They mostly stem from a lack of user awareness, users’ apathy toward policies, or violations of security policies. Mitigation of these risk factors starts with initial security training for employees, along with displaying security posters and banners...