Assignment
Introduction
This security plan proposal is intended for Maryland hospital, to help the hospital management safeguard the patient information that is stored in its computer systems. Patient records are stored on a mainframe computer that processes data through HP CICS. The system has been encrypted with a password (Azari 67). Patient transactions and records are stored by patient name, illness and insurance company. The system uses an SRU network system for communication between staff and the mainframe system.
Physical security is maintained by staff members, all of whom have a security password to ensure that there is no interference with information. Patients are not allowed in the system; however, the system uses encryption if patients want to communicate with doctors over the internet. The hospital structure has dual control, in that the computers provide different duties and responsibilities for each member of staff in the hospital. This ensures that there is no interference between departments, especially the management and the accounts department.
The systems are monitored through the logins that the management and nurses have on the system. The computer systems record the time and date of every access to the computers, to prevent security issues such as hacking and cracking of information from the computers. An incident response program will be installed on the computers to ensure that, in case patient records are changed from an outside source, there will be an alarm on all computers. Finally, the computers have a data recovery program to ensure that, even when viruses attack, the computers can still be recovered. The system will have a backup system that will copy files every two days after they have been entered.
The responsibility of the security plan is to ensure that all the information and assets of the hospital are safeguarded. The assets of the hospital need to be protected from security threats, and since the security plan will have a backup plan, it will ensure that the information installed in the system will not be deleted or destroyed by viruses that may inhibit the security plan.
Asset classification
Asset classification is essential in any organization to ensure that, even when hackers manage to breach the security plan, all the information that has been stored in the computers is safe (Kim 90). Additionally, identifying the assets helps in making decisions on the level of security that is needed to protect the assets of the hospital. The level of redundancy is also established to ensure that there is a copy of data that is safe.
Assets are classified into various categories. One is information assets, under which all the information about the hospital falls. The information has to be collected, organized, classified and stored in various forms. The information is in the form of databases, data files, operational and support procedures and archived information. The hospital also has software assets in the form of application and system software.
Threat identification
Threats in an information security system are things that may cause harm to the information that is stored in the computers or their backup plan. The threats may come from outside or inside sources, and they include potential threats. It is evident that even if a person manages to come up with a proper security plan, it is hard to prevent some threats from attacking the security plan.
Potential threats to the security plan include hacking and cracking by people who want to snoop into the most secure computers of the hospital to access information that they are not allowed to see, as they are not allowed in the systems. Viruses are also a potential threat to the information in the hospital because, when information is hit by viruses, it is hard to retrieve such information (Fugini 70). Therefore, all the assets of the organization are destroyed in the process. Viruses come in many forms; many people have a way of setting the viruses to bring down the whole system and its backup.
Outside threats include fires that may occur in the building, as happens at times, and that destroy all the computers and the information in them. Therefore, even with a security backup plan, it becomes harder to retrieve the information that has been lost in such cases. Other outside sources may include human activities, such as ignorant employees, and acts of God.
Tools and techniques to help in security planning
It is important for any organization to come up with tools and techniques to deal with security issues in its information systems. There is a need to secure the access, data and code that are given to every employee because, as much as people like confidentiality in the organization, there are some elements who like to eavesdrop and gather other people's sensitive information in the organization (Kovacich 89). The organization may adopt cryptography, which helps in protecting messages and information by affecting the appearance of data without causing any changes to its meaning. Authentication can also be used in the organization: before a person is able to access the information in the computers, they are required to authenticate that they are allowed access to the computers. Additionally, encryption using the Encrypting File System can be used to keep hackers and crackers from accessing the information in the computer. Other techniques and tools that can be used include the introduction of secure codes, smartcards and firewalls, among others.
Security implementation
After the security plan has been imposed and installed in the hospital, the management should come up with ways to implement the security plan to ensure that the hospital assets are protected from any people with bad intentions. It is said that an organization's information is an asset of the company that is more important than the capital itself.
Security implementation should be done using security policies and controls that are managed by all employees in the organization. Such policies include e-mail policies, under which all employees should be careful of whom they talk to and the information they provide, password policies, internet policies and backup and restore policies. Implementing the policies in the organization makes the work easier when preventing any security threats.
Awareness program sample
Information awareness is intended to educate the employees of the organization on the dangers that human errors pose to the assets of the organization. The program applies to all employees in the organization, and it is meant to educate all employees about the risks of allowing the information in the computers to be hacked or threatened in any way. Additionally, the program will educate employees on how to prevent threats to the secured information systems of the organization.
The employees in the organization should be treated as the bosses, as they contribute to the success of the organization through the skills and knowledge they bring to it. To ensure that their data is safe from hacking and misuse, they need to be trained on some aspects related to information management systems. The skills in the field will help them know how to relate with strangers on social sites and how to keep their information confidential. Hackers are common in the world today, and one's data can be used for malicious reasons if not taken care of.
Conclusion
A security plan proposal is a fundamental aspect of today's working environment. The constant change of the working environment, especially the introduction of new technologies, calls for the adoption of proper methods to ensure up-to-date as well as secure information. By following the above-mentioned steps, Maryland hospital will be in a position to set up a good working environment for the workers.
Works cited
Azari, Rasool. Current Security Management & Ethical Issues of Information Technology. Harrisburg, PA: Idea Group Inc, 2003. Print.
Fugini, Mariagrazia, and Carlo Bellettini. Information Security Policies and Actions in Modern Integrated Systems. Hershey, PA: Idea Group Pub, 2004. Print.
Kim, David, and Michael Solomon. Fundamentals of Information Systems Security. Sudbury, MA: Jones & Bartlett Learning, 2011. Print.
Kovacich, Gerald L. The Information Systems Security Officer's Guide: Establishing and Managing an Information Protection Program. Amsterdam: Butterworth-Heinemann, 2003. Internet resource.