Is4550 Security Policies

IS4550 Security Policies and Implementation
Security Policies Overcoming Business Challenges
September 25, 2015
Marie M. Lopez
Instructor: Mr. Stephen Votta

The Health Care Industry should have security program planning and management that would provide a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity’s computer-related controls. Security policies with the following controls can overcome business challenges through implementation, training and follow-up.
Physical controls, e.g. fences, doors, locks, mantraps and fire extinguishers. Administrative controls rely on the willing compliance of
incident response processes, management oversight, security awareness and training. Administrative controls are the process of developing and ensuring compliance with policies and procedures. They tend to be items that employees may do, must always do, or cannot do. A user who has been trained to operate a computer system or software is less likely to make errors that could affect data or cause injury. Operating procedures and user manuals will direct user behavior within the specific operational parameters dictated by the health industry’s system. Procedures need to address the user’s accountability and responsibility for actions taken while using the health industry’s computer system(s) and, if applicable, when and why electronic signatures are applied. Training, a preventative process for each individual employee (doctors, nurses and administrative employees), is beneficial to the health industry and must have documentation added to the individual employee’s file. It would also be good to issue training certification to validate the individuals who have completed a training session, for the bank’s future use and for the accountability of the employee for any errors that he/she may have incurred that may consequently lead to dire results, like legal
user authentication (login) and logical access controls, antivirus software, firewalls. With a valid authentication or login of an employee, access would be limited to computer resources (data, programs, equipment, and facilities), thereby protecting these resources against unauthorized modification, loss, and disclosure. Preventative controls such as anti-virus software, firewalls and intrusion prevention systems (IPS) would help mitigate risks and threats. The bank should consider application software development and change controls that prevent unauthorized programs or modifications to an existing program from being implemented into the system.
Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.
Regulatory compliance is defined as an organization's adherence or obedience to laws, regulations, guidelines and specifications relevant to the health industry business, because violations of regulatory compliance regulations may often result in legal litigation and punishment, which can include government fines. An example of a regulatory standard for the Health Care Industry would be HIPAA. It would be prudent to use a data governance policy to facilitate compliance
