As the Information Security Officer (ISO) for a small pharmacy it is my responsibility to ensure both the physical and logical access controls to protect medication and funds that are maintained and located on the premises. In addition my responsibility would include maintaining the privacy of personal information of our customers. The ISO duties can include providing reports to the firm’s management, establishing information security procedures and standards, consulting and recommending to the pharmacy on issues of security enhancement.
Potential physical vulnerabilities and threats that require consideration include; not allowing customers in after working hours, only employees will access the premises through the entrance after working hours, the backdoor is to be used by employees only, and non-employees should be restricted from using the door. A dual lock system should be used for the entrance to assure security during the non-working time. Other physical security vulnerabilities that need to be considered are attacks on security mechanisms such as locks and security personnel, disruption of detection devices such as smoke detectors, motion detectors and closed circuit TV.
Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. In addition the attackers can be responsible for theft, fraud, and vandalism. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, deletes or changes information. Theft can include the actual products off of the s...
... middle of paper ...
...uirement. Also each user will need to change their password every sixty days. The cost and benefits of the implementation of the control activities should be considered. Although the risks are real, our pharmacy must decide how much money they are willing to spend to protect our assets. The cost must be weighed against the cost of continuing in business and the cost of the threat to our cost of losing information and our reputation. As a general rule, the cost of implementing and sustaining a control activity should not exceed the benefits derived from that control activity (Microsoft 2006).
The counter measures listed throughout our presentation are ways to enhance our security systems at our pharmacy. The ISO must continue to be vigilant in the never ending struggle against the forces of evil and darkness trying to invade and wreak havoc on our pharmacy.
Physical and environmental security programs are generally considered to be a collection of mechanisms and controls put into place that help ensure the availability of information technology capabilities. These programs protect an organization from fire, flood, theft, power failure, intentional, and even unintentional damage through negligence. Implementation of these programs at the organizational level can take place in a number of ways but most organizations choose to follow the application of a body of standards, usually set forth by an organization such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Once such body of standards put forth by ISO/IEC is 27002, Information technology – Security techniques – Code of practice for information secur...
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
There is constant concern about different kinds of devices and tools because of their vulnerability: laptops; personal computers in the home; libraries and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security.... ... middle of paper ... ...
The cyber security department will ensure that the organization will have continual protected access to the organization’s network. The protected access of the network will be available 24 hours a day and 7 days out of the week. The protected access will also be available during emergencies. Emergencies will not hamper or hinder the organization’s ability to access the network. Arrangements have been put in place for emergencies to have protected access to the network. The cyber security department will continual strive to improve their services. “Cyber-attacks on a Process Control Network (PCN) pose a risk to the operation” (Henry, 2009, p.223). The uninterrupted, protected access to the organization’s network is the top priority of the cyber security department.
Responsibility and accountability become important when medical staff gives or doses patients with medication. The chance for making a medication error presents itself at all times. Those passing medications must follow established policies and procedures developed and laid forth by t...
Every organization, big or small, should have some level of security policy to protect their proprietary information. While the intensity and depth of an organization's security policy depends heavily on the nature of their business, common guidelines are mentioned in this paper that apply to all policies. One of the most important things to remember is that employees are a critical component to a successful security policy. It is the organization's job to ensure that their security policy is widely distributed and understood.
Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.
Potential risks and security breaches have been on the rise with a growing number of skillful hackers. This results in an increase to external threats to personnel and businesses. However, when complex security measures and the appropriate level of controls are utilized, there is a reduction to the potential risk and loss due to failure or breach. Therefore, such practice will enhance system reliability.
A clear, straightforward policy in relation to operational security can often benefit the privacy and security of some businesses (“Understanding Operational Security,” 2016). As a result, Edu Corp constantly analyzes and deploys appropriate solutions to secure every company aspect relating to our operational security. By adhering to Edu Corp’s comprehensive Operational Security Policy, employees may assist in protecting and safeguarding various forms data and critical information, as owned by Edu Corp.
Principle of Security Management by Brian R. Johnson, Published by Prentice-Hall copyright 2005 by Pearson Education, Inc.
Retail pharmacy is a very crucial aspect of the healthcare system in the United States and the world in general. The last point of call where patients see a healthcare professional is the pharmacy and the pharmacist has a duty to the patient in the area of their safety and wellbeing. The work a pharmacist does in the field of retail pharmacy is seen by most part of the general public as “counting pills into a bottle and labeling it, sometimes leaving the computer screen to tell the patient to take their pills by just reading what the bottle says, but there is a more to it.
Implement physical security: - “Physical security protects people, data, equipment, systems, facilities and company assets” (Harris,
In order to have an effective physical security program you need to know what you are protecting and why you are protecting it. Physical Security encompasses the protection of people, places, things, and data. Protecting each of these elements requires different pieces of equipment or different avenues but the philosophy of the protection is the same. In this I mean that you are protecting from unauthorized access to the places, people, things, and data.
Physical security cannot be wholly successful without the human factor element and the active support of these user groups. For example, when the aim is to protect a critical facility from attack or to provide access control for an office building it is necessary to engage people on the proper use of any security systems that are in place, for instance security alarms. If the alarm goes off and employees have no idea what it signifies
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied though the 7 Domains by utilizing IT Security Best Practices.