As the Information Security Officer (ISO) for a small pharmacy, it is my responsibility to ensure that both physical and logical access controls protect the medication and funds maintained on the premises. In addition, I am responsible for maintaining the privacy of our customers' personal information. The ISO's duties can include providing reports to the firm's management, establishing information security procedures and standards, and consulting with and making recommendations to the pharmacy on security enhancements.
Potential physical vulnerabilities and threats that require consideration include the following: customers are not allowed in after working hours; only employees may enter the premises through the entrance after working hours; the back door is to be used by employees only, and non-employees should be restricted from using it. A dual lock system should be used on the entrance to assure security outside working hours. Other physical security vulnerabilities that need to be considered are attacks on security mechanisms such as locks and security personnel, and disruption of detection devices such as smoke detectors, motion detectors, and closed-circuit TV.
Physical security threats are concerns associated more with attackers who gain physical access to the premises. Such attackers can physically destroy or sabotage equipment. In addition, they can be responsible for theft, fraud, and vandalism. An attacker with sufficient knowledge of the system, such as a former employee, can sabotage it by gaining access and then rendering the system unusable or deleting or changing information. Theft can include the actual products off of the s...
...uirement. Also, each user will need to change their password every sixty days. The costs and benefits of implementing the control activities should be considered. Although the risks are real, our pharmacy must decide how much money it is willing to spend to protect our assets. The cost must be weighed against the cost of continuing in business and the cost of the threat of losing information and our reputation. As a general rule, the cost of implementing and sustaining a control activity should not exceed the benefits derived from that control activity (Microsoft, 2006).
The countermeasures listed throughout our presentation are ways to enhance the security systems at our pharmacy. The ISO must continue to be vigilant in the never-ending struggle against the forces of evil and darkness trying to invade and wreak havoc on our pharmacy.
Therefore, a reassessment of the controls we have in place would be necessary. Ed's previously mentioned tasks, when completed, will lay the foundations for our revamped security system. To supplement this, we will need to rework our security policies and create an incident response plan. This will include the creation of a RACI matrix so that everyone is aware of the role they play in the successful implementation of this plan. As we are storing credit card data, we should also consider becoming PCI DSS compliant. This would require us to conduct an audit of our current systems and check them against a checklist to make sure we meet the required PCI standards. Furthermore, we will need to appoint a dedicated Chief Information Security Officer whose task will be to develop the company's long-term information security program, which will align with the company's
Physical and environmental security programs are generally considered to be a collection of mechanisms and controls put into place to help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, intentional damage, and even unintentional damage through negligence. Implementation of these programs at the organizational level can take place in a number of ways, but most organizations choose to follow a body of standards, usually set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). One such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
The Healthy Body Wellness Center requires an Information Security Management System (ISMS) in order to implement a plan to maintain and audit the company's information system security objectives. This necessitated outlining the scope of the ISMS plan as well as an evaluation of the risk assessment conducted by We Test Everything LLC (WTE). We Test Everything LLC was contracted by the Healthy Body Wellness Center's (HBWC) Office of Grants Giveaway (OGG) to provide a risk assessment of the Small Hospital Grant Tracking System (SHGTS).
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish the roles and responsibilities of all personnel and staff members. A Chief Information Officer should be appointed to direct the organization's day-to-day management of information assets. Supporting roles are performed by the service providers, including systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring that all rules and policies are followed, as well as for understanding their roles, responsibilities, and functions. Organizations' information processing systems are vulnerable to many threats that can inflict various types of damage and result in significant losses (Harris, 2014). Losses can come from trusted employees who defraud the system, from outside hackers, or from careless data entry. The major threat to information protection is the errors and omissions that data entry personnel, users, system operators, and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
Implement physical security: - “Physical security protects people, data, equipment, systems, facilities and company assets” (Harris,
ISO 27001: Information Security Management System: This standard helps organizations implement security as a system rather than as numerous controls put in place to solve seemingly isolated issues. The standard covers the handling of electronic information as well as paper-based information. From the management perspective, this standard's main contribution is to formalize the concept of risk assessments and to organize information security as a quality improvement activity. The standard includes the plan-do-check-act (PDCA) concept as well as the principle of assessing the organization continually, not just episodically (Murphy, 2015).
Potential risks and security breaches have been on the rise with a growing number of skillful hackers, which increases the external threats to personnel and businesses. However, when complex security measures and the appropriate level of controls are used, the potential risk and the loss due to failure or breach are reduced. Such practice will therefore enhance system reliability.
Bar-code-assisted medication administration (BCMA) has replaced traditional paper-based medication administration (PBMA) systems in some health care facilities. The BCMA system's objective is to verify the five rights of medication administration, meaning that "the right patient receives the right dose of the right drug by the right route at the right time" (Grissinger). The process begins with the pharmacy ensuring that all medicines are labeled correctly and that all medicines carry appropriate bar codes identifying the name, dose, and form of the medication. Patient...
Retail pharmacy is a very crucial aspect of the healthcare system in the United States and the world in general. The pharmacy is the last point of call where patients see a healthcare professional, and the pharmacist has a duty to the patient in the area of their safety and wellbeing. The work a pharmacist does in retail pharmacy is seen by most of the general public as "counting pills into a bottle and labeling it, sometimes leaving the computer screen to tell the patient to take their pills by just reading what the bottle says," but there is more to it.
A clear, straightforward policy on operational security can often benefit the privacy and security of a business ("Understanding Operational Security," 2016). As a result, Edu Corp constantly analyzes and deploys appropriate solutions to secure every aspect of the company relating to operational security. By adhering to Edu Corp's comprehensive Operational Security Policy, employees help protect and safeguard the various forms of data and critical information owned by Edu Corp.
This report aims to explain how risk control is achieved through strategies and through the security management of information.
Physical security cannot be wholly successful without the human factor and the active support of these user groups. For example, when the aim is to protect a critical facility from attack or to provide access control for an office building, it is necessary to engage people on the proper use of whatever security systems are in place, for instance security alarms. If the alarm goes off and employees have no idea what it signifies