Security policies are the practices or rules that an organization uses to protect and manage its assets, including information, infrastructure, equipment and facilities. Security in the field of information technology focuses on the protection of network connectivity, computer systems and sensitive information. Definition of an organization’s priorities and philosophies regarding protection of the attributes above determines policy-based security. Security policy has a technical definition which views it as a template that is used to configure and select security mechanisms supported y the application or system. Configuration of the numerous security policies in the modern operating systems is carried out through the group policy interface (Shinder, 2006).
Mayo contractors and administrators are jointly accountable for examining system access, auditing and logging the system access and routinely examine the logs for authorized activities and adherence to the set standards. Mayo Contractors do not have the rights to alter system or delete log files. The contractor access to the system and services is limited. In contrast to Georgetown, access is denied to patient information. Individuals are designated to determine whether a particular restriction is to be permitted. Beth_israel also offers security measures where access rights are limited to the users.
Beth-israel does not allow its user to intentionally perform acts that waste expertise Resources or unjustly monopolize resources facilities and resources. These acts are however not limited to, sending non-business e-mails, spending too much time on the Internet, online chatting, playing games, subscribing to associated Listserv that is not related to the business or creating unnecessary set of connections. Similarly use of Mayo computers, network, dialup services, internet link and other resources is primarily for professional development and business-related activity.
The obvious theme common in these three organizations relate to the protection and confidentiality of organizations information. The first theme involves a network that is restricted within an area to maintain privacy, while the second alternative is restricting the user rights which limits access of the system to unauthorized users. Both alternatives carry a number of advantages to the organization.
In order to ensure that the network infrastructure remains secure, the information security function needs to identify the major components of the network infrastructure, which can range from boarder router, network switches, hardware firewalls and network intrusion detector systems. In this aspect, the computer devices within the company can have their logs analyzed or de-duplicated by the network servers.
Group policies are only applicable to all the computers and users in a linked container. The only way it affects security groups is by filtering group policy by setting the permissions of a group on the contaniner (Stavroulakis, & Stamp,2010). Information for group policies are stored in the containers, which is an area in the group policy active directory, in the template, folders in the policies folder found in the Sys. Vol. folder on the domain controllers, with the exception of local policies. It is not advisable to use cross-domain assignments since it slows down startups and logon, when a different domain is used to access the group policy (Stavroulakis, & Stamp,2010).
Groups such as enterprise administrators, domain administrators and group policy creator owners are allowed to create new or edit the existing GPOs. Group policies apply to these members only if they apply group policy is set as member of a group to which they belong. Authenticated users have Read Permissions to GPO, by default, with the apply group policy attribute. If the apply group policy attribute for the enterprise admin and domain admin groups is set to Deny, the policy fails to apply with administrators.
Another important policy is the standardization document in healthcare organizations, Information Security Risk Management Guidelines. This is a guide for organization to enhance their management techniques in order to prevent the business information from being compromised (Malik, 2003). The business information and data is usually in large volumes and its management calls for a good information system to manage it effectively. Several information systems have been introduced and are widely used by business organizations for different purposes. The guideline offers practical specifications to be followed by business managers in securing the access and spread of business information.
References
Shinder, D. (2006, January 17). Understanding the Roles of Server 2003 Security Policies. Retrieved from
Malik, S. (2003). Network security principles and practices. Indianapolis, IN: Cisco Press.
Stavroulakis, P. & Stamp, M. (2010). Handbook of information and communication security. New York, NY: Springer.
