StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

System Security for Department of Human and Health Services - Essay Example

Cite this document
Summary
This paper "System Security for Department of Human and Health Services" focuses on the system security plan (SSP) which aims at providing an overview of federal information system security requirements as well as describing the current and planned controls for meeting the requirements.  …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.3% of users find it useful
System Security for Department of Human and Health Services
Read Text Preview

Extract of sample "System Security for Department of Human and Health Services"

 System Security for Department of Human and Health Services Introduction The system security plan (SSP) aims at providing an overview of federal information system security requirements as well as describing the current and planned controls for meeting the requirements. Furthermore, the SSP sets out responsibilities and expected behavior of all individuals who access the information system. Thus, it should be perceived as documentation of the structured process for sufficient and cost-efficient planning of security protection for a general support system or major application. The SSP works in accordance to the guidelines provided under the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4 Guide for Assessing Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans. The purpose of this Cybersecurity profile is to provide an overview of the cybersecurity requirements for the HHS (Department of Human and Health Sciences) with a succinct description of how the management, operational, and technical controls in place and those planned for the future, meet NIST’s requirements. 1. System Identification/ Scope of Assessment 1.1. System Name Healthcare Cybersecurity 1.2. Security Categorization Security categorization defines categories of information systems in relation to impact loss. It involves the classification of information and information systems in accordance with the potential effect on an organization. The analysis also depends on the occurrence of events that might jeopardize the information and information systems required by the organization for the accomplishment of its mission, protection of its assets, fulfillment of its legal duties and protection of individuals. Security categorization is based on the vulnerability and threat information in evaluating an organization’s risk. The HHS management evaluates systems and assigns a level (low, moderate, high) in relation to the risk to HSS in case of breach of security. The level depends on risks of confidentiality, integrity, and availability of information (Barker, 2004). 1.2.1. Information System Type It is the responsibility of HHS (System Owner) and its stakeholders to identify and establish the information system type. The security concern of HHS is to ensure that shared resources such as networks, communications and physical access within the whole general support system or major application are sufficiently protected. Therefore, it can be said that the information type held by HHS is mission-based (Barker, 2004). By virtue of the personal information of individuals held by HSS (HHS Cyber Security Program, 2014), the type of information system can be said to be Personally Identifiable Information. 1.2.2. Scope of Assessment The potential impact of the loss of confidentiality and personally identifiable information held on a web server is moderate. The potential impact from the loss of integrity and that from the loss of availability are also moderate. 2. Management Control Management controls deal with the management of the information system and the risk for the system. They are techniques and concerns which are usually addressed by the management. Management controls applied to the SSP system include 2.1. Selected control: Risk assessment 2.1.1. Family Control #1: Vulnerability scanning – update by frequency 2.1.2. Implementation Status: The control has not been fully implemented. NIST SP 800-53 Control: The organization should update the scanned information system vulnerabilities. It should also make updates on any new vulnerability identified and reported. NIST SP 800-53 Control Enhancements: The organization should utilize vulnerability scanning implements which include the capacity to update the number of information vulnerabilities scanned. NIST SP 800-53A(2010) Control Expected Results: HHS is expected to actively update vulnerabilities and make new rules and filers for protecting newly discovered vulnerabilities. 2.2.3. Implementation of Control: HHS has established policies and procedures for organizations to identify and update vulnerabilities. 2.2.1. Family Control #2: Vulnerability scanning – discoverable information 2.2.2. Implementation status: The control has not gone through the implementation process. NIST (2007) SP 800-53 Control: HHS needs to discern the kind of information about the information system that is discoverable by enemies. NIST SP 800-53A(2010) Control Expected Results: HHS needs to support compliance with this requirement by providing relevant evidence through log inspection or audit records of the virtual or physical servers scanned. 2.2.3. Implementation of Control: HHS should implement adequate vulnerability scans. 3. Technical Control Technical controls focus on security issues configured within the system. They guarantee automated protection from unauthorized access or misuse and enhance detection of unauthorized access. 3.1. Selected Control: Access control. 3.1.1. Family Control #1: Access control policy and procedures. 3.1.2. Implementation Status: The control has been partially implemented. HHS has developed and documented an access control policy addressing the purpose, functions, management commitment and compliance. HHS has also defined IT personnel and their roles. The HHS has implemented access controls to the extent that it has identified IT administrators and empowered them to limit unauthorized access to information. Furthermore, there are penalties for individuals and organizations that access information on the web without authorization. However, the implementation is still inadequate because there are many cases of unauthorized access to information. NIST (2007) SP 800-53: The information system implements authorizations for logical access to information as well as system resources in line with relevant access control policies. NIST SP 800-53 Control Enhancements: Access implementation involves the regulation of information system accounts during login. NIST SP 800-53A (2010) Control Expected Results: HHS has the responsibility of ensuring proper implementation of its policies. 3.1.3. Implementation of Control: HHS should set stricter policies and rules with regard to access control. 3.2.1. Family Control #2: Account Management. 3.2.2. Implementation Status: The control has been partially implemented. NIST (2007) SP 800-53 Control: HHS should ensure the auditing of network sessions for accessing organization-defined security functions and other relevant information related to security. NIST SP 800-53 Control Enhancements: The organization should employ automated mechanisms to encourage the management of information system accounts. NIST SP 800-53A (2010) Control Expected Results: HHS should have a clearly defined security plan, explicitly or by reference. 3.2.3 Implementation of Control: HHS enforces and supports security safeguards for purposes of ensuring the cryptographic keys used for protecting the organization’s data are not disclosed. The organization also has a defined plan. 4. Operational Control Operational controls focus on the mechanisms primarily implemented and executed by individuals rather than systems. 4.1 Selected Control: Configuration management. 4.1.1 Family Control #1: Configuration management policy and procedures. 4.1.2 Implementation Status: It has been fully implemented. NIST (2007) SP 800-53 Control: The organization ensures the development, dissemination and periodical review or updates. NIST SP 800-53 Control Enhancements: The organization’s configuration management procedures should address all areas identified in the policy and procedures. NIST SP 800-53A (2010) Control Expected Results: The organization has all relevant configuration management policies and procedures as well as documents or records. 4.1.3 Implementation of Control: HHS has implemented adequate configuration management policies and procedures. 4.2.1 Family Control #2: Baseline configuration. 4.2.2 Implementation Status: This control has been fully implemented. NIST (2007) SP 800-53 Control: The organization creates, records and keeps a current baseline configuration of the information system. NIST SP 800-53 Control Enhancements: The organization carries out frequent updates on the baseline configuration of the information system. NIST SP 800-53A (2010) Control Expected Results: The organization keeps the baseline configuration. 4.2.3 Implementation of Control: HHS has an effective baseline configuration that is updated frequently. Conclusion In conclusion, SSP gives a summary of federal information system security expectations. It also describes the current and future controls necessary for achieving the expectations. In addition, it stipulates the duties and conduct of everyone who uses the information system. Throughout the process of actualizing its mandate, the SSP refers to the National Institute of Standards and Technology (NIST) Special Publication 800-53 Rev 4 Guide for Assessing Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans. Meeting NIST standards is SSP’s major concern. HHS analyzes each of its risks and categorizes them according to their intensity to make it easier to deal with them. This paper has offered an overview of the security requirements and the measures HHS has put in place in order to deal with the security needs in question. References Barker, C. W. (2004). Guide for Mapping Types of Information Systems to Security Categories. NIST Special Publication 800-60 V2. HHS Cybersecurity Program. (2014). The Department of Health and human Services Information Security for Managers. NIST Special Publication 800-53A. (2008). Guide for Assessing the Security Controls in Federal Information Systems, Building Effective Security Assessment Plans. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“System Security for Department of Human and Health Services Essay”, n.d.)
System Security for Department of Human and Health Services Essay. Retrieved from https://studentshare.org/information-technology/1669413-sample-cybersecurity-profile-system-security-plan-for-hhs
(System Security for Department of Human and Health Services Essay)
System Security for Department of Human and Health Services Essay. https://studentshare.org/information-technology/1669413-sample-cybersecurity-profile-system-security-plan-for-hhs.
“System Security for Department of Human and Health Services Essay”, n.d. https://studentshare.org/information-technology/1669413-sample-cybersecurity-profile-system-security-plan-for-hhs.
  • Cited: 0 times

CHECK THESE SAMPLES OF System Security for Department of Human and Health Services

Horizon Human Services

hellip; This organization has the reputation of providing high quality services for over 38 years in the area of behavioral health services, including “counseling for adult and children” (2013).... So far it relates to funds for services in the areas of housing, they receive assistance from “US department of Housing, Urban Development and the Arizona department of Housing” (Community Housing, 2013).... Horizon Human services Name of Author Author's Affiliation Horizon Human services Horizon Human services is a non-profit organization working in the area of behavioral health and they offer a wide “array of outpatient and residential services” in three counties comprising Pinal, Gila and Yuma as well as “habilitation services” in four other counties such as Santa Cruz, Maricopa, La Paz and Cochise (Welcome to Horizon Human services, 2013)....
5 Pages (1250 words) Essay

The language of health informatic

department of Health and Human Services, 2012).... department of Health and Human Services.... It had been indicated earlier that the use of health informatics was not going to benefit just the service providers but the service users also, who in this case are the patients.... Since the start of the implementation of the health information system, patient outcomes have… First, the quantum of patients served by the hospital has gone up tremendously....
2 Pages (500 words) Essay

Horizon Human Services

So far it relates to funds for services in the areas of housing, they receive assistance from “US department of Housing, Urban Development and the Arizona department of Housing” (Community Housing, 2013).... In the paper “Horizon Human services” the author analyzes Horizon Human services, a non-profit organization working in the area of behavioral health.... They offer a wide “array of outpatient and residential services” in three counties comprising Pinal, Gila, and Yuma....
4 Pages (1000 words) Essay

Managing Competing Agendas

In order to ensure that ObamaCare works effectively and efficiently to serve the citizens of America, there are various departments that aim to facilitate its efficiency (Venkatesh, Hoehle,… The department of human Service and Health is the agency that seeks to protect the health of all the citizens, and to offer necessary human services, particularly for those who are unable to help themselves.... The department of Information Technology is sizable and comprises support for many grant programs that provide information technology resources to local, state, and tribal governments with an aim to support the plans administered by Health and Human Services Department (Venkatesh, Hoehle, &Aljafari, 2014)....
4 Pages (1000 words) Assignment

Impact of NFPA 1500 on Fire Service

“The National Fire Protection Association (NFPA) 1500 Standard on Fire Department Occupational Safety and health Program is the most regularly utilized countrywide consensus standard for fire department operations” (Richman & Persson, 2007).... “The Standard addressed for the first time such issues as health and safety programs, training requirements, operational requirements of vehicles and protective clothing requirements” (Dodson, 2007)....
6 Pages (1500 words) Research Paper

Department of Health and Human Services IT Security Program

The author examines a security strategy which has been developed by the department of Health and Human Services department of Health and Human Services, for strengthing health care delivery and access by encouraging innovation as well as efficiency and transparency of the programs and processes… Since the administration of President Barack Obama took charge of the government in 2008, one of the objectives that have been aggressively pursued was health care....
4 Pages (1000 words) Research Paper

Henry Ford Health System

In Henry Ford, 280 volunteers assist in the running of facilities and the offering of services in the hospital (Henry Ford Hospital, 2014).... An example is in the case of preoperative services.... This work called "Henry Ford health System" describes is a medical institution located in Detroit.... The author outlines the internal and external running of the institution, the general improvement of the organization with regard to human resources majorly and other sectors....
8 Pages (2000 words) Essay

The Florida Department of Public Safety

This report “The Florida department of Public Safety” is intended to provide a view of the needs of Florida department of Public Safety.... here were varieties of interventions developed in order to determine the various needs in the Florida department of Public Safety (Bailey, 2014).... The nine groups would discuss the various issues of concern in the Florida department of Public Safety.... Example of these indicators includes the prison health indicators....
6 Pages (1500 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us