This website uses cookies to ensure you have the best experience. Learn more

Security Policy & Standard, Task 2

1741 words - 7 pages

Health Body Wellness Center
Information Security Management System (ISMS)

Health Body Wellness Center (HBWC) promotes medical research, evaluation, and sharing of information between health care professionals. The HBWC’s Office of Grants Giveaway (OGG) provides for the distribution of federally supported medical grants. OGG uses a Microsoft Access database program called Small Hospital Tracking System (SHGTS) to manage the medical grant distribution process. A risk assessment of SHGTS was conducted to evaluate vulnerabilities and establish a baseline of potential threats. This document will outline an ISMS plan for HBWC and provide recommendation of additional steps ...view middle of the document...

Key players:
Management, Human Resources (HR), Information Technology (IT) staff all should provide players to make up the ISMS committee. The key to success is having management drive the process and establish the framework for the company to follow.
HBWC’s goal is to provide an effective method to promote medical research and the exchange of information of heath care professionals. Institutions rely on grants from OGG to meet this goal. The establishment of a secure environment for SHGTS to operate is paramount to success.
Snapshot of security posture:
No current ISMS policy is in place at this time. With the aid of the SHGTS risk assessment a review of the overall security posture and development of a comprehensive ISMS plan for HBWC and its customers.
Evaluate all systems and data on the HBWC’s Local Area Network (LAN) to implement an affective ISMS to meet the ISO 27000 series standard. The Confidentiality, Integrity, and Availability (CIA) triad are key considerations of all systems/data that should be evaluated and covered during the PDCA process.
A2. Guiding Security Principles
Three key principles of security are the CIA triad; they provide a basis for identifying and applying industrial security standards for the protection and prevention of IT systems.
Confidentiality policies are designed to prevent unauthorized access to data, databases, including paper data, electronic media, telephone, and data networks (bits and bits).
Integrity policies to prevent the modification of data in transit, transaction integrity, and data at rest. The use of encryption technologies insures data integrity.
Availability policies include equipment maintenance, monitoring degraded services, and response to loss of asset. These security principles are the basis of a good ISMS program and provide a guideline for its development. (Tipton, H, & Henry, K. 2007
Health Body Wellness Center
Information Security Management System (ISMS)
File:FYT2_Task2 Page
A3. Processes
The processes that will be included in the ISMS are the PDCA process, and a transition plan to move HBWC from the current As-is-state to the To-be-state. The PDCA process provides guidance on four steps; develop a plan, implement the plan, verify the plan is in use, and improvement of the plan. Management must first establish guidance for the ISMS team to build a security plan that is current by today’s standards. Next a full risk and vulnerability assessment has to be completed that identifies the current threats so an action plan can be developed that addresses them. The plan will provide guidance on the migration of the company’s network and how to migrate from the “As-is-state” to the To-be-state”.
The ISMS plan will be consistent with ISO 27000 series certification processes. A timeline for implementation, verification/validation, and improvement will be defined as part on the ISMS process. (Arnason, S, & Willett, K.D, 2008)
A4. Information...

Other assignments on Security Policy & Standard, Task 2

Wgu Capstone Essay

8774 words - 36 pages . Encryption Policy 8. Audit Policy 9. Backup & Recover Policy 10. Disaster Recovery Policy Intangible Deliverables 1. A better understanding of information security requirements 2. Improved confidence of employees Methodology The initial approach to this was to take the basic approach to the configuration of the new network. The plan was to just install the equipment and run the

Cyberlaw-Task 1 Essay

750 words - 3 pages Heart-Healthy Insurance Information Security Policy Paul Ervin Western Governors University A1. New User Section New Users The REVISED portions of the new user section now stipulates: “(1) New users are assigned access with principle of least privilege. They will have a level of access commensurate with access required to do their job. This level will be predetermined by IT staff according to job title. (2) An administrators account

Cyber Security In Business

1513 words - 7 pages at rest and in flight, on all devices, no matter who owns the devices. The more places information is stored, processed, and transmitted, the more difficult the task. Complexity is the enemy of security (Johansson, 2009). Additionally, another area of complexity is the disconnect between security and the business. In his article The Challenge of Information Security Management, Part 1, Johansson provides an example. We walk into a meeting


2440 words - 10 pages it runs on, a single failure will result in the loss of business and potential repeat business. Policy Vulnerabilities Our analysis of the AS San Diego Headquarters Information System Security Policy identified a severe weakness. AS's security policy identifies that all firewalls and routers rules are evaluated every two years. Industry standard for firewall re-evaluation is on average 12 months or less depending on the state of the Firewall's

Social Security Paper

987 words - 4 pages - U.S. Social Security Administration. (n.d.). Retrieved November 16, 2014, from Feldstein, M. (2005). Rethinking Social Insurance. American Economic Review, 95(1), 1-24. Retrieved November 13, 2014. Historical Development. (n.d.). Retrieved November 14, 2014, from John, D. (2005, March 2). How Today's Social

Understanding Nist 800‐37  Fisma Requirements 

2451 words - 10 pages .  2        Overview  The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. §  3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E‐ Government Act of 2002 (Pub.L. 107‐347, 116 Stat. 2899). The Act is meant to  bolster computer and network security within the Federal Government and  affiliated parties (such as government contractors) by mandating information  security controls and


1326 words - 6 pages security' 2.  Install anti-virus software and keep it updated 3.  Install a firewall to stop unauthorized access to your computer 4.  Protect yourself from harmful emails 5.  Back-up your data 6.  Develop a system for secure passwords 7.  Keep your software up-to-date 8.  Make sure your online banking is secure 9.  Develop and maintain a security policy BUSINESS APPLICATIONS OF THE INTERNET * The Internet can be used for any business


3778 words - 16 pages appears on the Example Security P&P List. Therefore, you will find that not all Implementation Specifications are always grouped under the Standard in which it is listed in the HIPAA Security Rule. 2) For example, the required section “Data Backup Plan” under the “Administrative Safeguards – Contingency Plan Standard” and the addressable section “Data Backup and Storage” under “Physical Safeguards – Device and Media Controls” are grouped

The Internet

989 words - 4 pages legitimate need to access it are allowed to do so. This seemingly simple task has become a very complex process with systems that need to be continually updated and processes that need to constantly be reviewed. There are three main objectives for information technology security: confidentiality, integrity, and availability of data to the organization. Confidentiality is protecting access to sensitive data from those who don't have a legitimate

Security Awareness

2691 words - 11 pages Information Security - Security Awareness Abstract: 3 Security Awareness 4 Regulatory Requirements for Awareness and Training 7 References 13 Abstract: Information security means protecting information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. A policy can be described as a set of principles intended to manage

Byod Pr Cope?

699 words - 3 pages party, to ensure compliance with organization policy, handle mobile security, and separate between ‘business’ and ‘personal’ usage of the device. MDM services are also required in COPE. Furthermore, IT helpdesk may be inefficient under BYOD policy ; with a wide range of devices used and no standard device policy, help desks may either be less productive due to inability to support devices, or take longer time to complete services due to inexperience

Similar Documents

Document Essay

315 words - 2 pages ensure confidentiality by implementing__________? 9) Encrypting e-mail communications is needed if you are sending confidential information within an e-mail message through the public Internet? 10) Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats? 11) A data classification standard is usually part of which policy definition? 12) The SSCP professional

Information Security Essay

253 words - 2 pages diligence different from due care? Why are both important? When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a standard of due care. Due diligence is the demonstration that the organization is diligent in ensuring that the implemented standards continue to provide the required level of protection. 5. (Whitman & Mattord, 2011, p. 114) What is a policy? How is it different from a law? 6. (Whitman & Mattord, 2011, p. 114) What is the best method for preventing an illegal or unethical activity?

Sec450 Essay

329 words - 2 pages Task 1—Verify Connectivity and Configuration in Dallas router #1. What CLI command does produce the output below? ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- #2. Complete the table below based on the dynamic routes displayed in the routing table above. Routing protocol

Data Security Essay

8305 words - 34 pages “organizational security policy” as: a set of security rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or in the future by an actual or hypothetical organization in the operational environment [CC 2006]. Basically, a security policy describes: 1) the security properties to be fulfilled by a computing system; 2) the rules according to which the system security state can evolve. An information security policy addresses many